On 2013-06-30 14:42:24 +0200, Szymon Guz wrote: > On 30 June 2013 14:31, Martijn van Oosterhout <kleptog@svana.org> wrote: > > > On Sun, Jun 30, 2013 at 02:18:07PM +0200, Szymon Guz wrote: > > > > python does not any any sort of reliable sandbox, so there is no > > plpython, > > > > only plpythonu - hence only one interpreter per backend is needed. > > > > > > > Is there any track of the discussion that there is no way to make the > > > sandbox? I managed to create some kind of sandbox, a simple modification > > > which totally disables importing modules, so I'm just wondering why it > > > cannot be done. > > > > http://wiki.python.org/moin/SandboxedPython > > > > This is the thread I was thinking of: > > http://mail.python.org/pipermail/python-dev/2009-February/086401.html > > > > If you read through it I think you will understand the difficulties. > >
> thanks for links. I was thinking about something else. In fact we don't > need full sandbox, I think it would be enough to have safe python, if it > couldn't import any outside module. Wouldn't be enough? > > It seems like the sandbox modules want to limit many external operations, > I'm thinking about not being able to import any module, even standard ones, > wouldn't be enough?