
Re: [pygame] From * import * and Pygame2exe



On 7/20/05, andrew baker <failrate@xxxxxxxxx> wrote:
> Well, I was also thinking about running a validator somewhere in there
> that would only allow a specific set of commands for the level
> modules.  For example, no one should be executing file operations or
> sys commands from within a level logic block.  In fact, they should
> only be doing namespace data operations, comparisons and iterations.

You probably already know this, but it's fiendishly difficult to
validate Python code like that if you are using the builtin compiler.
The new Pythons don't have any builtin restricted execution tools
anymore and plain string/regexp matching will probably let something
slip (there are so many different ways to e.g. get a reference to the
os.system function).

The most realistic options are probably analyzing the abstract syntax
tree or the compiled bytecodes. I've personally used bytecodes to
validate untrusted Python expressions by restricting the allowed
bytecodes to very basic operations (setting variable values mainly)
and by restricting values for specific bytecodes (e.g. you could
restrict the LOAD_NAME bytecode to only work on a handful of
predefined names).

-- 
Sami Hangaslammi
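The abstract-syntax-tree option the reply mentions, worked through as an added example that is not part of the original message or of pygame: an allow-list validator built on Python 3's `ast` module (the bytecode approach described above works too, but bytecode names change between CPython versions, while the AST is more stable). Every node of the parsed level block must belong to an allow-list of assignment, comparison, arithmetic, container and iteration nodes; attribute access, imports, function and class definitions are absent from the list and therefore rejected, calls are limited to a handful of bare names, and names starting with `__` are refused. The block is then executed with an emptied builtins table as a second layer. The level-logic text, the namespace values and the set of allowed calls are constructed for illustration.

```python
import ast
import builtins

# Node classes a level-logic block may contain: assignments, comparisons,
# arithmetic, containers and plain iteration/control flow, nothing else.
# ast.Attribute, ast.Import, ast.FunctionDef, ast.Lambda, ... are absent,
# so any attribute access or import is rejected by the isinstance check.
ALLOWED_NODES = (
    ast.Module, ast.Expr, ast.Assign, ast.AugAssign,
    ast.For, ast.While, ast.If, ast.Break, ast.Continue, ast.Pass,
    ast.BoolOp, ast.BinOp, ast.UnaryOp, ast.Compare, ast.IfExp,
    ast.Name, ast.Load, ast.Store, ast.Constant,
    ast.List, ast.Tuple, ast.Dict, ast.Subscript, ast.Slice,
    ast.Call,  # allowed only after the extra check in validate()
    ast.operator, ast.cmpop, ast.boolop, ast.unaryop,  # +, ==, and, not, ...
)

# The only functions a block may call, all by bare name (constructed set).
ALLOWED_CALLS = {"len", "min", "max", "abs", "range"}

# Builtins table handed to the executed block: nothing but the allowed calls.
SAFE_BUILTINS = {name: getattr(builtins, name) for name in ALLOWED_CALLS}


class ValidationError(ValueError):
    """Raised when a level block uses syntax outside the allow-list."""


def validate(source: str) -> ast.Module:
    """Parse the block and reject any node outside the allow-list."""
    tree = ast.parse(source, mode="exec")
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            where = getattr(node, "lineno", "?")
            raise ValidationError(
                f"disallowed syntax {type(node).__name__} at line {where}")
        if isinstance(node, ast.Name) and node.id.startswith("__"):
            raise ValidationError(f"dunder name not allowed: {node.id}")
        if isinstance(node, ast.Call):
            func = node.func
            if not (isinstance(func, ast.Name) and func.id in ALLOWED_CALLS):
                raise ValidationError("call to a non-whitelisted function")
            if node.keywords:
                raise ValidationError("keyword arguments not allowed")
    return tree


def is_valid(source: str) -> bool:
    """True if the block parses and passes the allow-list, False otherwise."""
    try:
        validate(source)
    except (ValidationError, SyntaxError):
        return False
    return True


def run_level(source: str, namespace: dict) -> dict:
    """Validate, then execute with an emptied builtins table so even a name
    the validator let through cannot reach open(), __import__() and friends.
    Returns the namespace as the block left it."""
    tree = validate(source)
    code = compile(tree, "<level>", "exec")
    env = dict(namespace)
    env["__builtins__"] = SAFE_BUILTINS
    exec(code, env)
    env.pop("__builtins__")
    return env


# Constructed level-logic block: only data operations, comparisons, iteration.
LEVEL_LOGIC = """
bonus = 0
for hp in enemies:
    bonus += hp
level_complete = len(enemies) == 0 and score >= 100
rank = "gold" if score + bonus > 105 else "silver"
"""

# Constructed blocks that the validator must refuse (each trips one rule).
REJECTED_EXAMPLES = [
    "import os",                    # Import node is not on the allow-list
    "open('save.dat')",             # call to a non-whitelisted name
    "items = inventory.keys()",     # attribute access is not on the list
    "x = __builtins__",             # dunder name
    "def f(): pass",                # function definition
]

if __name__ == "__main__":
    print(run_level(LEVEL_LOGIC, {"enemies": [3, 5], "score": 100}))
    for bad in REJECTED_EXAMPLES:
        print(repr(bad), "valid" if is_valid(bad) else "rejected")
```

Two layers are used on purpose: the AST allow-list is what the reply recommends and is easy to audit, and the emptied `__builtins__` table catches anything the list is later loosened to permit. Neither turns CPython into a real sandbox, so the check is best treated as a guard against mistakes in level modules that come from a trusted source, not as a boundary for arbitrary untrusted code.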