Is there a "safe" subset of Python for use as an embedded scripting language?
--
Full question
https://stackoverflow.com/questions/8618...
--
Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...
--
Tags
#python #security #scripting #scriptinglanguage #embeddedlanguage
ACCEPTED ANSWER
Score 10
Here are a couple of links to give you an idea of what you're up against:
- How can I run an untrusted Python script safely (i.e. Sandbox)
- Capabilities for Python? by Guido himself
There is also a dead Google Code project at http://code.google.com/p/sandbox-python/
ANSWER 2
Score 4
The PyPy project offers sandboxing features; see http://doc.pypy.org/en/latest/sandbox.html.
ANSWER 3
Score 4
No, there is no production-ready subset of Python that is "safe". Python has had a few sandbox modules which were deprecated due to deficiencies.
Your best bet is to either create your own parser, or isolate the Python process with syscall hooks and a jailed account.
Some people might point you to PyPy, but it is unfinished.
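An added example, not part of any answer on this page: one way to read "create your own parser" is to interpret a small expression subset yourself, walking the tree from Python's `ast` module with an allowlist of node types instead of passing the script to `eval` or `exec`. The names `evaluate`, `Rejected`, the size limits and the chosen operator set are all assumptions made for this sketch.

```python
import ast
import operator

# Allowlisted operators: anything not listed here is rejected (note: no ** power).
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Mod: operator.mod}
CMP_OPS = {ast.Lt: operator.lt, ast.LtE: operator.le, ast.Gt: operator.gt,
           ast.GtE: operator.ge, ast.Eq: operator.eq, ast.NotEq: operator.ne}
MAX_SOURCE, MAX_NODES = 200, 100  # assumed limits; tune for the host application


class Rejected(ValueError):
    """Raised when a script uses a construct outside the allowed subset."""


def evaluate(source, variables=None, functions=None):
    """Evaluate one expression using only allowlisted AST node types."""
    variables, functions = variables or {}, functions or {}
    if len(source) > MAX_SOURCE:
        raise Rejected("script too long")
    try:
        tree = ast.parse(source, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise Rejected("not a valid expression") from exc
    if sum(1 for _ in ast.walk(tree)) > MAX_NODES:
        raise Rejected("script too complex")

    def ev(node):
        if isinstance(node, ast.Constant) and type(node.value) in (int, float, bool):
            return node.value
        if isinstance(node, ast.Name) and node.id in variables:
            return variables[node.id]  # only names the host passed in
        if isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
            return BIN_OPS[type(node.op)](ev(node.left), ev(node.right))
        if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
            return -ev(node.operand)
        if (isinstance(node, ast.Compare) and len(node.ops) == 1
                and type(node.ops[0]) in CMP_OPS):
            return CMP_OPS[type(node.ops[0])](ev(node.left), ev(node.comparators[0]))
        if isinstance(node, ast.BoolOp):  # evaluated eagerly, result is a bool
            values = [ev(v) for v in node.values]
            return all(values) if isinstance(node.op, ast.And) else any(values)
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
                and node.func.id in functions and not node.keywords):
            return functions[node.func.id](*[ev(a) for a in node.args])
        # Attribute, Subscript, Lambda, strings, unknown names and so on end up here.
        raise Rejected(f"{type(node).__name__} is not allowed")

    return ev(tree.body)
```

Because every node type is opt-in, attribute access, imports and string constants are refused by default; the host remains responsible for what the functions it exposes can do.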
ANSWER 4
Score 3
AFAIK, some attempts were made in the standard Python library, but they were not successful. See Restricted Execution for details.
Warning
In Python 2.3 these modules have been disabled due to various known and not readily fixable security holes. The modules are still documented here to help in reading old code that uses the rexec and Bastion modules.