> This weekend I'm going to work on a "restricted" python interpreter for > http://acm.uva.es/problemset/. That site offers online programming > contests, including an online judge to check algorithm implementations > for hundreds of problems. I belive it'd be nice for the Python community > to have access to something like that. > > This interpreter should have limited functionality so that malicious users > won't be able to access the filesystem, sockets, and other "dangerous" > functionality. > > I'm not sure if that will be useful for the stock Python interpreter, > as its application is very specific, but at least it could be a nice > starting point for similar projects. > > I've included here a quick list of changes to the python interpreter to > achieve that. Do you remember about any other possible problems? > > - include a '-r' flag, which enables a global restricted flag, and > implies -E, and -S. > > - depending on the flag, don't let scripts import posixmodule, (we can't > remove it, or python won't compile); > > - depending on the flag, change the way module imports work, using only > the sys.path Python has started with; > > - depending on the flag, limit instantiation of 'file' types (remember that > type(sys.stdout) returns the 'file' type, so removing it from builtins is > not enough). > > - remove all, but the builtin modules which could be useful for some > algorithm: _codecs, array, cmath, binascii, crypt, cStringIO, md5, math, > _locale, _sre, pcre, pyexpat, regex, sha, strop, timing, struct, time, > xreadlines, unicodedata, _weakref; Are you aware of the standard library module 'rexec'? --Guido van Rossum (home page: http://www.python.org/~guido/)
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4