Re: Safe Python (Was Re: The '.' at the head of the default sys.path)

Steven D. Majewski (
Wed, 15 Jun 1994 16:36:00 -0400

On Jun 15, 15:34, Michael McLay wrote:
> Would you please elaborate on the 'ImportFrom' hack.

My hasn't yet been updated to use Tommy Burnette's newmodule,
so it requires an empty file "" to be in the path. I'll
get around to fixing that soon, which will also eliminate the mystical
fiddling with sys.modules, leaving the only REAL hacker magic left to
be inserting the module into the callers namespace. ( If you don't like
that, that's why there is both "importmodule" and "ImportModule" ;-)
( I also ought to change that "1+''" error into just a "raise SomeError"
- for some reason the obvious just didn't enter my head when I wrote it!
I recall the reason I didn't clean it up further was that I wasn't sure
of the best way of wrapping up all of the possible options ( with explicit
path or sys.path or other path search ) into one call interface. )

MyModule = importmodule( pathNameString, moduleNameString )

returns the imported module as an object, and must be assigned to a symbol.

moduleNameString = 'MyModule'
ImportModule( pathNameString, moduleNameString )

has the side effect of setting MyModule to the module object.
( i.e. after either of the above, you should be able to type
"dir MyModule" and get the expected results. )

import sys

def newmodule( modname ):
import null_module
sys.modules[modname] = sys.modules['null_module']
sys.modules[modname].__name__ = modname
del sys.modules['null_module']
del null_module
return sys.modules[modname]

def importmodule( filename, modname ):
module = newmodule( modname )
execfile( filename, module.__dict__, module.__dict__ )
return module

def caller():
import sys
1 + '' # make an error happen
except: # and return the caller's caller's frame
return sys.exc_traceback.tb_frame.f_back.f_back

def ImportModule( filename, modname ):
newmodule = importmodule( filename, modname )
frame = caller() # get the caller's frame
frame.f_globals[modname] = newmodule # and enter name in dict

> I am looking for
> a way to set a "safe-script" mode from within a Python script. The
> application requires Python to be embedded in a client program with a
> safe mode for executing programs downloaded from an untrusted server
> and with a standard mode that the client can use for client side
> control. The intention is to allow a server to use a client as a
> surrogate execution environment without compromising the client's
> local operating environment.
> The safe mode should turn off functions defined to interact with the
> operating system, such as the open() function and it should prevent
> imports from being called unless they are found in a safe path.

Please keep up posted on your efforts!

I am not that paranoid about safety at the moment - my current
python servers or cgi(*) scripts ( except for a few experiments )
don't allow shipping of functions or eval or other unsafe commands,
but I would be very interested in a python equivalent to safe-tcl
for primarily the same function as safe-tcl is intended:
active mail objects or smart "telescript" like agents.

- Steve Majewski (804-982-0831) <sdm7g@Virginia.EDU>
- UVA Department of Molecular Physiology and Biological Physics

(*) There seems to be a lot of folks working on www & cgi python
scripts at the moment!