
Is there a way to limit the abilities of Python scripts running under an embedded interpreter? Specifically, I wish to prevent the scripts from doing things like the following:

  • Importing Python extension modules (i.e. .pyd modules), except those specifically allowed by the application.
  • Manipulating processes in any way (i.e. starting new processes, or terminating the application).
  • Any kind of networking.
  • Manipulating the file system (e.g. creating, modifying and deleting files).

3 Answers


No. There's no easy way to prevent those things on CPython. Your options are:

  1. Edit the CPython source code and remove the things you don't want - provide mocking methods for all of them. Very error-prone and hard to do. This is the approach of Google's App Engine.
  2. Use RestrictedPython. However, with it you can't prevent your user from exhausting the available memory or running infinite eat-all-CPU loops.
  3. Use another Python implementation. PyPy has a sandbox mode you can use. Jython runs under Java, and I guess Java can be sandboxed.

1 Comment

Well, I'm not too worried about scripts crashing/freezing the application, more about when a hostile plug-in, say, downloads and executes a file from the internet, changes system settings, etc. I guess I could edit the CPython implementation; for some things I guess just not compiling the module to start with will be suitable, and I guess I could hook the module loader to check a whitelist of safe .pyd modules. Is there any info around somewhere on simply removing modules/objects from the Python compile?
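To make the "no easy way" in this answer concrete, and to show what the module-loader whitelist suggested in the comment above actually buys you, here is an added example that is not from any answer or comment on this page. It assumes a host that runs plugin source through `exec` with its own builtins table; the whitelist, the `run_plugin` helper and the three sample plugins are constructed for illustration. The check is placed on `__import__` rather than on `sys.meta_path` on purpose: the import statement consults `sys.modules` before any finder, so a finder-based hook never sees a module that is already loaded (such as `os`).

```python
"""Import whitelist for embedded plugin code, and one reason it is not a
security boundary. Added example; the whitelist and plugins are assumed."""
import builtins

# Assumed whitelist: the modules the host application chooses to expose.
ALLOWED = frozenset({"math", "json", "string", "itertools"})


def make_guarded_import(allowed):
    """Return a replacement for builtins.__import__ that only admits
    whitelisted top-level modules. Relative imports are refused as well."""
    real_import = builtins.__import__

    def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
        top = name.partition(".")[0]
        if level != 0 or top not in allowed:
            raise ImportError(f"import of {name!r} is not permitted by the host")
        return real_import(name, globals, locals, fromlist, level)

    return guarded_import


def run_plugin(source, allowed=ALLOWED):
    """Execute plugin source with a restricted builtins table and return its
    namespace so the host can read results out of it."""
    safe_builtins = dict(vars(builtins))
    safe_builtins["__import__"] = make_guarded_import(allowed)
    # Drop a few obviously dangerous names; this list is illustrative only.
    for name in ("open", "exec", "eval", "compile", "input", "breakpoint"):
        safe_builtins.pop(name, None)
    namespace = {"__builtins__": safe_builtins, "__name__": "__plugin__"}
    exec(compile(source, "<plugin>", "exec"), namespace)
    return namespace


def try_plugin(source):
    """Run a plugin and report (ok, result_or_error_message)."""
    try:
        return True, run_plugin(source).get("result")
    except ImportError as exc:
        return False, str(exc)


# Constructed sample plugins.
BENIGN = "import math\nresult = math.floor(2.7)\n"
BLOCKED = "import socket\nresult = socket.gethostname()\n"
# The escape: functions of a whitelisted pure-Python module carry the *real*
# builtins in their __globals__ (a dict, or the builtins module in __main__),
# and with them the original, unguarded __import__.
ESCAPE = (
    "import json\n"
    "real = json.dumps.__globals__['__builtins__']\n"
    "imp = real['__import__'] if isinstance(real, dict) else real.__import__\n"
    "result = imp('os').__name__\n"
)

if __name__ == "__main__":
    print(try_plugin(BENIGN))   # (True, 2)
    print(try_plugin(BLOCKED))  # (False, "import of 'socket' is not permitted by the host")
    print(try_plugin(ESCAPE))   # (True, 'os'): the whitelist was bypassed
```

The third plugin is the point of the example: a whitelist enforced at the import hook is a convenience for well-behaved plugins, not a barrier against a hostile one, because any object the plugin can reach that was created with the real builtins is a path back to them. Closing that path means removing attribute access to dunder names as well, which is the territory RestrictedPython and the other options in the answer cover.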

Maybe this can be helpful. You have an example provided on how to work with the ast.

1 Comment

"ACCESS DENIED", I really hate my college's internet restrictions... will check this later when I get home.
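The linked ast example did not survive on this page, so here is an added one that is not from the answer or its link: a static check over the plugin's syntax tree in the style RestrictedPython uses, refusing non-whitelisted imports, dunder attribute access (`__globals__`, `__subclasses__`, `__class__` and friends, the usual exits from a sandbox) and the builtins that can reach them by name (`getattr`, `vars`, `eval`, ...). The whitelist, the banned-name list and the sample plugins are assumptions made for the example.

```python
"""Static policy check over a plugin's AST. Added example; the whitelist and
the banned-name list are assumed, not taken from RestrictedPython itself."""
import ast

ALLOWED_MODULES = frozenset({"math", "json", "string", "itertools"})
# Builtins that let code reach attributes or objects by name at run time,
# which would defeat a purely syntactic check.
BANNED_BUILTINS = frozenset({
    "getattr", "setattr", "delattr", "vars", "globals", "locals",
    "eval", "exec", "compile", "open", "__import__",
})


def _is_dunder(name):
    return name.startswith("__") and name.endswith("__")


class PluginChecker(ast.NodeVisitor):
    """Collect policy violations from a plugin's syntax tree."""

    def __init__(self):
        self.violations = []

    def _deny(self, node, msg):
        self.violations.append(f"line {node.lineno}: {msg}")

    def visit_Import(self, node):
        for alias in node.names:
            if alias.name.partition(".")[0] not in ALLOWED_MODULES:
                self._deny(node, f"import of {alias.name!r} not allowed")
        self.generic_visit(node)

    def visit_ImportFrom(self, node):
        top = (node.module or "").partition(".")[0]
        if node.level or top not in ALLOWED_MODULES:
            self._deny(node, f"import from {node.module!r} not allowed")
        self.generic_visit(node)

    def visit_Attribute(self, node):
        # __globals__, __subclasses__, __class__, __builtins__ ... are the
        # usual road out of a sandbox, so refuse dunder attributes wholesale.
        if _is_dunder(node.attr):
            self._deny(node, f"access to {node.attr!r} not allowed")
        self.generic_visit(node)

    def visit_Name(self, node):
        if node.id in BANNED_BUILTINS or _is_dunder(node.id):
            self._deny(node, f"use of {node.id!r} not allowed")
        self.generic_visit(node)


def check_plugin(source):
    """Return the list of violations; an empty list means the source passed."""
    checker = PluginChecker()
    checker.visit(ast.parse(source, filename="<plugin>"))
    return checker.violations


# Constructed sample plugins.
BENIGN = "import math\nresult = math.floor(2.7)\n"
BAD_IMPORT = "import os\nresult = os.getcwd()\n"
DUNDER_ESCAPE = "import json\nreal = json.dumps.__globals__['__builtins__']\n"
GETATTR_ESCAPE = "import json\ng = getattr(json.dumps, '__glo' + 'bals__')\n"

if __name__ == "__main__":
    for src in (BENIGN, BAD_IMPORT, DUNDER_ESCAPE, GETATTR_ESCAPE):
        print(check_plugin(src) or "ok")
```

The `GETATTR_ESCAPE` case is why the banned-builtins list exists: a name filter on the tree sees the string `'__glo' + 'bals__'` as data, not as an attribute, so the run-time builtins handed to the plugin must not contain `getattr` either. The check is only as good as the pairing of the two, and as the first answer notes, none of this bounds memory or CPU.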

What you want is Google's Unladen Swallow project, which the Python version of App Engine runs on.

Modules are severely restricted, ctypes is not allowed, sockets are matched against some policy or other; in other words, you get a sandboxed version of Python, in line with their Java offering.

I'd like to point out that this makes the system almost useless. Well, useless for anything cooler than yet another [App Engine] app. Forget monkey-patching system modules, and even access to your own stack is restricted. Totally un-dynamic-like.

OT: games typically embed Lua for scripting, perhaps you should check it out.
