Prologue: I know that many people already tried to sandbox Python code within Python and failed, but I haven't seen the approach to additionally preprocess the scripts as text and reject scripts containing keywords like __base__
that could be used to recover hidden __buuiltins__
. I think this approach is new and hasn't been proofed to fail yet - has it?
I plan to write a multiplayer strategy game where players may not normally interact with their units using keyboard/mouse commands, but only through scripts they have to submit to change the units' automatic behaviour. This is based on the idea of http://screeps.com.
I would love to write that in Python 3, but the main problem seems to be the secure execution of untrusted foreign player scripts on the server. I know that I may not trust exec()
or eval()
, even when passing them empty globals
and locals
as environment. I also know that simply erasing __builtins__
also does not work because one can still easily restore them using Python's introspection capabilities as described here: http://nedbatchelder.com/blog/201302/finding_python_3_builtins.html
I already learned that PyPy or Jython might have some kind of sandboxing feature that would probably work for my purpose, but I would somehow prefer to stay with the CPython reference interpreter. Also, I could only find examples where those sandboxing features work for entire programs, but none that consists of a main program running untrusted scripts as child threads and communicating with them efficiently.
But I think I have one more chance: I can preprocess the submitted scripts literally and search for strings like __class__
or __base__
and reject scripts containing those keywords. I would also have to replace eval()
and exec()
in the script with my own, secured functions that also reject to run code containing those keywords.
Would this approach, together with overwriting all potentially dangerous items (which ones would that be?) using a custom globals
argument for exec()
be secure? Which keywords would I have to look for?
If not, why would that fail? Can you suggest a better solution?
Running Python Scripts using an IDE or a Text Editor You can use other IDEs like Spyder, PyCharm, Eclipse, and Jupyter Notebook which also allow you to run your scripts inside its environment. You can also use popular text editors like Sublime and Atom to run Python script.
It can run a Python code in two ways: As a Script or Module. As a piece of code written in an interactive session.
The Python-based sandbox is a Python package that is imported as any other Python package. Included in the Python package are tools that provide a means for passing Bulk Input/Output (BulkIO) data to and from components or devices.
To run Python scripts with the python command, you need to open a command-line and type in the word python , or python3 if you have both versions, followed by the path to your script, just like this: $ python3 hello.py Hello World! If everything works okay, after you press Enter , you'll see the phrase Hello World!
I'm not sure that this is a good idea. There are possibilities using pypy, or even a dedicate project python sandbox that has already dealt with much of system isolation. But the former needs a good deal of work to build a secure environment, and the latter does not directly support Python 3.x
But the author of pysandbox has stopped development since 2013, because he declared in its github site
pysandbox is BROKEN BY DESIGN, please move to a new sandboxing solution (run python in a sandbox, not the opposite!) https://lwn.net/Articles/574215/*
If you can accept a limited syntax, it would certainly much much more secure to define a dedicated grammar and build a custom interpretor with PythonLexYacc.
I must admit this is more hints than a full answer, but it is the best I can do now (and python sandbox was not referenced of that former SO question
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With