On 30 June 2013 14:31, Martijn van Oosterhout <kleptog@svana.org> wrote:
On Sun, Jun 30, 2013 at 02:18:07PM +0200, Szymon Guz wrote: > > python does not any any sort of reliable sandbox, so there is no plpython, > > only plpythonu - hence only one interpreter per backend is needed. > > > Is there any track of the discussion that there is no way to make the > sandbox? I managed to create some kind of sandbox, a simple modification > which totally disables importing modules, so I'm just wondering why it > cannot be done.
If you read through it I think you will understand the difficulties.
Hi Martin,
thanks for links. I was thinking about something else. In fact we don't need full sandbox, I think it would be enough to have safe python, if it couldn't import any outside module. Wouldn't be enough?
It seems like the sandbox modules want to limit many external operations, I'm thinking about not being able to import any module, even standard ones, wouldn't be enough?