Le dimanche 19 septembre 2010 01:05:45, Greg Ewing a écrit : > I don't follow. Trusted functions such as proxy() shouldn't > be sharing a __builtins__ dict with sandboxed code. > (...) > So give each program its own copy of __builtins__. By "program" you mean a "process"? proxy() and untrusted functions are executed in the same process and the same interpreter. Untrusted code calls (indrectly) proxy(): should I create a new copy of __builtins__ for each frame? I don't know how to do that in Python (without modify the Python interpreter) and I suppose that it will make Python slower. The frame mechanism is already slow (create a new frame to call a Python function is much slower than calling a function in C). pysandbox creates a new separated namespace for untrusted functions, but __builtins__ "namespace" (dict) is shared between Python and pysandbox namespaces. -- Victor Stinner http://www.haypocalc.com/
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4