
Re: [pygame] Scripting language



On 12/19/06, robomancer <robomancer@xxxxxxxxx> wrote:
> On the other hand, allowing people to run arbitrary code on your
> machine is a Bad Idea even if you *can* ensure that the filesystem
> isn't touched.  What if they send any of the following?
>
> while True:
>   pass
>
> def fib(n):
>   return fib(n-1) + fib(n-2)
> fib(1000000)

If you were using Stackless Python, this sort of thing could easily be detected, interrupted and discarded. You could then flag the user who wrote the overly intensive logic and refuse to run any more (or whatever).

> def steal_data():
>   send_to_client("127.0.0.1", pickle.dumps(confidential.data.structure))

I wonder if this recipe were taken to the safe extreme, how much of a subset of Python could be safely allowed:

http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/286134

Richard.
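
An added example, not part of the original message or of the linked recipe: the detect, interrupt and flag idea described above, done on standard CPython by counting line events with sys.settrace in place of Stackless Python's scheduler. The names run_with_budget and submit, the budget of 50,000 lines and the user names are assumptions made for illustration.

```python
import sys

class BudgetExceeded(BaseException):
    """Raised inside the script once it has used up its line budget."""

def run_with_budget(source, max_lines=50_000):
    """Run source under a line budget; return 'ok', 'budget', 'recursion' or 'error'."""
    used = 0

    def tracer(frame, event, arg):
        nonlocal used
        if event == "line":
            used += 1
            if used > max_lines:
                raise BudgetExceeded()  # surfaces in the script at the current line
        return tracer  # keep tracing this frame and every frame it calls

    previous = sys.gettrace()
    try:
        code = compile(source, "<user script>", "exec")
        sys.settrace(tracer)
        exec(code, {})  # no isolation here: this only bounds CPU use
        return "ok"
    except BudgetExceeded:
        return "budget"
    except RecursionError:
        return "recursion"
    except Exception:
        return "error"
    finally:
        sys.settrace(previous)

flagged = set()  # users whose scripts had to be interrupted

def submit(user, source):
    """Refuse flagged users; flag anyone whose script is interrupted."""
    if user in flagged:
        return "refused"
    verdict = run_with_budget(source)
    if verdict in ("budget", "recursion"):
        flagged.add(user)
    return verdict

# The two runaway snippets quoted in the message, plus a constructed well-behaved one.
SPIN = "while True:\n  pass\n"
FIB = "def fib(n):\n  return fib(n-1) + fib(n-2)\nfib(1000000)\n"
POLITE = "total = sum(range(10))\n"
```

A script that wraps its loop in a bare except swallows the interrupt and then runs untraced, so this bounds careless scripts rather than hostile ones, and it does nothing about the steal_data case.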