On 2013-06-30 22:43:52 -0300, Claudio Freire wrote:
> Not only that, the CPython interpreter is rather fuzzy about the
> division between interpreters. You can initialize multiple
> interpreters, but they share a lot of state, so you can never fully
> separate them. You'd have some state from the untrusted interpreter
> spill over into the trusted one within the same session, which is not
> ideal at all (and in fact can be exploited).
>
> In essence, you'd have to use another implementation. CPython guys
> have left it very clear they don't intend to "fix" that, as they don't
> consider it a bug. It's just how it is.
Doesn't zope's RestrictedPython have a history of working reasonably
well? Now, you sure pay a price for that, but ...
Greetings,
Andres Freund
-- Andres Freund http://www.2ndQuadrant.com/PostgreSQL Development, 24x7 Support, Training &
Services