Open FilipDominec opened 7 years ago
It may turn out to be an illusion, but maybe I just got a simple 6-line sandboxing solution for pure Cpython 3.8.0+. No virtualization, no extra dependencies nor manual code preprocessing, negligible performance impact, and only minor functionality limitation.
One should thoroughly test it to call it secure against malicious attacks. But it is pretty safe against shooting one's leg and e.g. overwriting important files. The only trouble is that it requires rather new version of the interpreter.
Currently, the program searches for the file
plotrc_*.py
in the directory of the loaded file; if found, it is automaticallyeval
uated to pre-process the data and/or change the plotting style. It is supposed that files that once exist on your local hard drive should not be a vector of attack, but currentlyeval
can also access all your data which is somewhat dangerous.https://nedbatchelder.com/blog/201206/eval_really_is_dangerous.html