First, I'll distinguish between things which are dangerous because
they can affect the outside-Python environment and break security,
and resource control and accounting - where you want to limit
or bill for the resources used. I think they are two different
but related problems. (And I'll defer discussion of resource control
and monitoring till later.)
(1) Routines which dangerously interact with the environment outside
Python:
__builtin__.open
posixmodule
socketmodule
sys.stdin, sys.stdout, sys.stderr
I assume we want to leave read/write to sys.stdin/stdout/stderr as
always available by default, but restrict a program's ability to
change sys.stdin/stdout/stderr.
(2) Routines which interact with the outside in ways that aren't
necessarily *dangerous*, but shouldn't be allowed anyway.
any of the Tk calls or any user interface calls that can open
a new window.
(3) loopholes IN the language, which in themselves aren't dangerous,
but make backdoors to access the above.
import
exec
sys.path
sys.modules
sys.builtin_module_names
__builtin__
These features need some limiting control added: restrictions on
what can be imported, or on modifying variables that will change
WHAT exactly gets imported or executed when you do allow limited
import (or exec from a file or code string, etc.).
-- Steve Majewski (804-982-0831) <sdm7g@Virginia.EDU> --
-- UVA Department of Molecular Physiology and Biological Physics --
-- Box 449 Health Science Center Charlottesville,VA 22908 --
[ "Cheese is more macho?" ]
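The "limiting control" the post asks for in (1) and (3), as an added example that is not part of the original message and is not code from Python itself: guest code is run with a builtins dict from which open/exec/eval/compile have been removed, and with a replacement __import__ that only admits modules on an allow-list. The module names in ALLOWED_MODULES and the sample guest snippets are constructed for this example; the name run_restricted is an assumption, not an API the post refers to.

```python
"""Added example: a minimal allow-list for import and open in exec'd code."""
import builtins

# Modules that guest code may import (constructed allow-list for this example).
# sys is deliberately absent, which keeps sys.path, sys.modules and
# sys.stdin/stdout/stderr out of the guest's reach.
ALLOWED_MODULES = frozenset({"math", "string"})

# Builtin names the guest loses entirely: the direct environment hooks from
# category (1) and the code-loading loopholes from category (3).
DENIED_BUILTINS = frozenset({
    "open", "exec", "eval", "compile", "breakpoint", "input",
})


def _guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Replacement for builtins.__import__ that only admits allow-listed roots."""
    root = name.split(".")[0]
    if level != 0 or root not in ALLOWED_MODULES:
        raise ImportError(f"import of {name!r} is not permitted in restricted code")
    return builtins.__import__(name, globals, locals, fromlist, level)


def make_restricted_builtins():
    """Copy the real builtins, drop the denied names, and install the import guard."""
    allowed = {k: v for k, v in vars(builtins).items() if k not in DENIED_BUILTINS}
    allowed["__import__"] = _guarded_import  # the import statement routes through this
    return allowed


def run_restricted(source):
    """Execute guest source with restricted builtins; return its resulting globals."""
    env = {"__builtins__": make_restricted_builtins()}
    exec(compile(source, "<guest>", "exec"), env)  # the host's exec, not the guest's
    return {k: v for k, v in env.items() if k != "__builtins__"}


def attempt(source):
    """Run guest source; return the exception type name if it was refused, else None."""
    try:
        run_restricted(source)
    except (ImportError, NameError) as exc:
        return type(exc).__name__
    return None


if __name__ == "__main__":
    # Constructed guest snippets covering each category from the post.
    print(run_restricted("import math\nx = math.sqrt(16)"))          # {'x': 4.0}
    print(attempt("import os"))                                       # ImportError
    print(attempt("open('/etc/hostname')"))                           # NameError
    print(attempt("import sys; sys.path.insert(0, '/tmp')"))          # ImportError
    print(attempt("exec('import os')"))                               # NameError
    print(attempt("__import__('os')"))                                # ImportError
```

The guard covers the import statement, the __import__ builtin and the exec/eval loophole in one place, because all of them resolve through the builtins dict handed to the guest. It is a demonstration of the categories in the post, not a complete sandbox: CPython's object introspection offers other routes back to the real builtins, so restricting names alone is not a security boundary on its own.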