[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [pygame] Python bots in Galcon (or your game!) safe_eval
Phil Hassey wrote:
> Anyway, feel free to poke around the code. I think a working safe_eval
> would be a huge asset for games developed in python that want to have
> user submitted mods / bots.
if submissions are handled manually, i guess reviewing might be possible too,
but certainly there are cases where it would be nice to just allow arbitary code
to be run in a restricted context.
just figured to mention that also the PyPy project has implemented restricted
execution contexts, and AFAIK in their implementation the base py architecture
supports it so that it can be done nice and safe. of course for action game
usage the speed is a concern and probably even a showstopper now, but perhaps
not totally for all kinds of games / simple logic code? and they do intend to
increase the performance..
i am no pypy expert though, basically just read this part of their 0.99.0
announcement some time ago:
new object spaces:
* Tainting: a 270-line proxy object space tracking and boxing
sensitive information within an application. A tainted object is
completely barred from crossing an I/O barrier, such as writing to
files, databases or sockets. This allows to significantly reduce
the effort of e.g. security reviews to the few places where
objects are "declassified" in order to send information across I/O
so it is not exactly safe eval, but..?
versions, a system terminal and a bub'n'bros game at
BTW speaking of alternative py implementatins w.r.t restricted execution, it
seems there have been efforts on that with PLT Spy (Python <http://python.org/>
that uses PLT Scheme's <http://plt-scheme.org/> runtime) too - dunno if anything
has become of that ..
http://radeex.blogspot.com/2004/04/i-spy-untrusted-code.html is radix's old post
about it, i did not see anything recent on
http://plt-spy.sourceforge.net/home.html either but did not look deep.
i am not qualified to evaluate this new safe_eval, good luck with it, am just
mentioning those similar efforts.
(oh and thanks for galcon, it's fun :)