Nick Maclaren wrote:

>> This recipe for safe_eval:
>> http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/496746
>> which is otherwise very cute, does not handle this case as well: it
>> tries to catch and interrupt long-running operations through a
>> secondary thread, but fails on a single long operation because the
>> GIL is not released and the alarm thread does not get its chance to
>> run.
>
> Grin :-)
>
> You have put your finger on the Great Myth of such virtualisations,
> which applies to the system-level ones and even to the hardware-level
> ones. In practice, there is always some request that a sandbox can
> make to the hypervisor that can lock out or otherwise affect other
> sandboxes.
>
> The key is, of course, to admit that and to specify what is and is
> not properly virtualised, so that the consequences can at least be
> analysed.

I agree, and in fact Brett's work on a proper security model is greatly welcome. It's just that us mere mortals need to use eval() *now*, and that recipe is good enough for many practical uses. If you can't win, you can at least lose with dignity :)

--
Giovanni Bajo
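The failure mode quoted at the top of this message (an in-process alarm thread never gets to run while one long operation holds the GIL) goes away when the deadline is enforced from outside the interpreter. The sketch below is an added example, not code from the thread or from the cookbook recipe; the name `eval_with_deadline`, the child program and the sample expressions are assumptions made for illustration.

```python
import subprocess
import sys

# Child program (constructed for this example): read one expression from
# stdin, evaluate it and print the repr of the result.
# The empty __builtins__ dict is NOT a sandbox on its own; the point here is
# only the deadline, which the parent enforces by killing the whole process.
_CHILD = (
    "import sys\n"
    "expr = sys.stdin.read()\n"
    "print(repr(eval(expr, {'__builtins__': {}}, {})))\n"
)


def eval_with_deadline(expr, seconds=2.0):
    """Evaluate expr in a separate interpreter and return (status, text).

    status is "ok", "error" or "timeout". Because the watchdog is the parent
    process, it does not need the child's GIL to be released: when the
    deadline passes, subprocess.run() kills the child and reaps it.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", _CHILD],  # -I: isolated mode
            input=expr,
            capture_output=True,
            text=True,
            timeout=seconds,
        )
    except subprocess.TimeoutExpired:
        return ("timeout", "")
    if proc.returncode != 0:
        # Report only the last traceback line, e.g. "ZeroDivisionError: ..."
        lines = proc.stderr.strip().splitlines()
        return ("error", lines[-1] if lines else "")
    return ("ok", proc.stdout.strip())


if __name__ == "__main__":
    print(eval_with_deadline("1 + 2"))
    # Constructed input: one big-integer power that runs inside a single
    # C-level call, the case an in-process alarm thread cannot interrupt.
    print(eval_with_deadline("10**10**8", seconds=1.0))
```

This bounds wall-clock time only; memory use and what the expression can reach still need their own limits, which is the "specify what is and is not properly virtualised" point made in the quoted text.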