[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [pygame] pygame web plugin



from talking to the python guys sandboxing python is easy if you use
the C api to overwrite builtins.
(sandboxing issues arise from trying to sandbox python from within python)

You'd need to replace pythons import function with one that checks
only for files in a zip for instance.

Or for starters you could disable import alltogether and only allow C
modules and standalone scripts.

------------------ blenders sandbox code

// Python Sandbox code
// override builtin functions import() and open()

PyObject *KXpy_open(PyObject *self, PyObject *args) {
	PyErr_SetString(PyExc_RuntimeError, "Sandbox: open() function
disabled!\nGame Scripts should not use this function.");
	return NULL;
}

PyObject *KXpy_reload(PyObject *self, PyObject *args) {
	PyErr_SetString(PyExc_RuntimeError, "Sandbox: reload() function
disabled!\nGame Scripts should not use this function.");
	return NULL;
}

PyObject *KXpy_file(PyObject *self, PyObject *args) {
	PyErr_SetString(PyExc_RuntimeError, "Sandbox: file() function
disabled!\nGame Scripts should not use this function.");
	return NULL;
}

PyObject *KXpy_execfile(PyObject *self, PyObject *args) {
	PyErr_SetString(PyExc_RuntimeError, "Sandbox: execfile() function
disabled!\nGame Scripts should not use this function.");
	return NULL;
}

PyObject *KXpy_compile(PyObject *self, PyObject *args) {
	PyErr_SetString(PyExc_RuntimeError, "Sandbox: compile() function
disabled!\nGame Scripts should not use this function.");
	return NULL;
}

PyObject *KXpy_import(PyObject *self, PyObject *args)
{
	char *name;
	PyObject *globals = NULL;
	PyObject *locals = NULL;
	PyObject *fromlist = NULL;
	PyObject *l, *m, *n;

	if (!PyArg_ParseTuple(args, "s|OOO:m_import",
	        &name, &globals, &locals, &fromlist))
	    return NULL;

	/* check for builtin modules */
	m = PyImport_AddModule("sys");
	l = PyObject_GetAttrString(m, "builtin_module_names");
	n = PyString_FromString(name);
	
	if (PySequence_Contains(l, n)) {
		return PyImport_ImportModuleEx(name, globals, locals, fromlist);
	}

	/* quick hack for GamePython modules
		TODO: register builtin modules properly by ExtendInittab */
	if (!strcmp(name, "GameLogic") || !strcmp(name, "GameKeys") ||
!strcmp(name, "PhysicsConstraints") ||
		!strcmp(name, "Rasterizer") || !strcmp(name, "Mathutils")) {
		return PyImport_ImportModuleEx(name, globals, locals, fromlist);
	}
		
	PyErr_Format(PyExc_ImportError,
		 "Import of external Module %.20s not allowed.", name);
	return NULL;

}


static PyMethodDef meth_open[] = {{ "open", KXpy_open, METH_VARARGS,
"(disabled)"}};
static PyMethodDef meth_reload[] = {{ "reload", KXpy_reload,
METH_VARARGS, "(disabled)"}};
static PyMethodDef meth_file[] = {{ "file", KXpy_file, METH_VARARGS,
"(disabled)"}};
static PyMethodDef meth_execfile[] = {{ "execfile", KXpy_execfile,
METH_VARARGS, "(disabled)"}};
static PyMethodDef meth_compile[] = {{ "compile", KXpy_compile,
METH_VARARGS, "(disabled)"}};

static PyMethodDef meth_import[] = {{ "import", KXpy_import,
METH_VARARGS, "our own import"}};

void setSandbox(TPythonSecurityLevel level)
{
    PyObject *m = PyImport_AddModule("__builtin__");
    PyObject *d = PyModule_GetDict(m);

	// functions we cant trust
	PyDict_SetItemString(d, "open", PyCFunction_New(meth_open, NULL));
	PyDict_SetItemString(d, "reload", PyCFunction_New(meth_reload, NULL));
	PyDict_SetItemString(d, "file", PyCFunction_New(meth_file, NULL));
	PyDict_SetItemString(d, "execfile", PyCFunction_New(meth_execfile, NULL));
	PyDict_SetItemString(d, "compile", PyCFunction_New(meth_compile, NULL));
	
	// our own import
	PyDict_SetItemString(d, "__import__", PyCFunction_New(meth_import, NULL));

}








On Sat, Sep 6, 2008 at 10:07 AM, machinimist@xxxxxxxxx
<machinimist@xxxxxxxxx> wrote:
> hi,
>
> i would like to bring up this topic again since a python based open source
> alternative to flash which could be used to create browser games would
> be super awesome. :)
>
> if i understand this correctly then the main problem of something like that
> is security.
>
> i noticed on the blender mailing list that someone started to revive the
> blender game engine web plugin. they use python too and apparently they have
> found a way to sandbox python.
>
> http://lists.blender.org/pipermail/bf-committers/2008-August/021660.html
>
> what do you think about this?
> wouldn't a web plugin be a big opportunity for pygame?
> i am no expert on all of this though... maybe making a web version of
> pygame is totally unfeasible?