Sometimes questions come up on here about unpickling safely and executing foreign code. I was thinking a minimum install that didn't even have access to modules like 'os' could be safe. (Potentially.) I have time to entertain this a little, though all the devs are busy. I can bring it up again in a few months if it's a better time.
I browsed for info on 'rexec'. Two c-l-py threads:

http://mail.python.org/pipermail/python-dev/2002-December/031160.html
http://mail.python.org/pipermail/python-dev/2003-January/031848.html

A lot of modules would have to go. <Long list> IPC modules: subprocess, socket, signal, popen2, asyncore, asynchat. ctypes, mmap, platform.popen, glob, shutil, dircache, and many more</Long>.

I tested it out. I renamed the 'Lib' directory and ran.

'import site' failed; use -v for traceback
Python 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC v.1310 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
ImportError: No module named os
>>> import socket
ImportError: No module named socket
>>> del __builtins__.__import__
>>> __import__
NameError: name '__import__' is not defined
>>> del __builtins__.open, __builtins__.file
>>> open
NameError: name 'open' is not defined
>>> file
NameError: name 'file' is not defined

Even a function created from raw bytecode string can't do anything without __import__ or 'open'. And you can't get a second instance running without subprocess or os.system.

'rexec' may be full of swiss cheese and irreparable, but maybe it would work to start from bare-bones and add pieces known to be safe. This sort of thing wouldn't need any standard library support either, I don't think.
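An added example, not part of the original post: for the unpickling case mentioned at the top, the "start from bare-bones and add pieces known to be safe" idea maps onto the pickle module's documented hook, overriding Unpickler.find_class with an allowlist. It is written for Python 3 rather than the 2.5.2 shown above; ALLOWED, AllowlistUnpickler, safe_loads and is_rejected are names assumed for this illustration, and the sample pickles are constructed.

```python
import datetime
import io
import pickle
from collections import OrderedDict

# The only (module, name) globals a pickle stream may resolve.
# Everything else is refused; new entries are added deliberately.
ALLOWED = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "complex"),
    ("collections", "OrderedDict"),
}

class AllowlistUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        # Called for every global the stream references.
        if (module, name) in ALLOWED:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            "global %s.%s is not on the allowlist" % (module, name))

def safe_loads(data):
    """Unpickle bytes, resolving only allowlisted globals."""
    return AllowlistUnpickler(io.BytesIO(data)).load()

def is_rejected(data):
    """True if the stream references a global outside ALLOWED."""
    try:
        safe_loads(data)
    except pickle.UnpicklingError:
        return True
    return False

# Constructed samples: plain containers, an allowlisted class,
# and two harmless objects whose globals are not allowlisted.
SAMPLE_PLAIN = pickle.dumps({"a": [1, 2], "b": {3, 4}, "c": 1 + 2j})
SAMPLE_ORDERED = pickle.dumps(OrderedDict([("x", 1), ("y", 2)]))
SAMPLE_BUILTIN_FUNC = pickle.dumps(len)                    # builtins.len
SAMPLE_DATE = pickle.dumps(datetime.date(2008, 2, 21))     # datetime.date

if __name__ == "__main__":
    print(safe_loads(SAMPLE_PLAIN))
    print(safe_loads(SAMPLE_ORDERED))
    print(is_rejected(SAMPLE_BUILTIN_FUNC), is_rejected(SAMPLE_DATE))
```

The date sample is rejected only because datetime.date has not been added to ALLOWED, which is the point of building up from an empty set.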
