This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author vstinner
Recipients vstinner
Date 2012-03-22.02:03:35
SpamBayes Score 1.2858512e-08
Marked as misclassified No
Message-id <1332381816.01.0.198972850539.issue14385@psf.upfronthosting.co.za>
In-reply-to
Content 
Example combining patches of #14385 and #14386 to run code with read-only __builtins__:
----------- test.py -------------
ns={'__builtins__': __builtins__.__dict__}
exec(compile("__builtins__['superglobal']=1; print(superglobal)", "test", "exec"), ns)
ns={'__builtins__': dictproxy(__builtins__.__dict__)}
exec(compile("__builtins__['superglobal']=2; print(superglobal)", "test", "exec"), ns)
----------- end of test.py -----

Output:
--------
$ ./python test.py
1
Traceback (most recent call last):
  File "x.py", line 4, in <module>
    exec(compile("__builtins__['superglobal']=1; print(superglobal)", "test", "exec"), ns)
  File "test", line 1, in <module>
TypeError: 'dictproxy' object does not support item assignment
--------

Note: this protection is not enough to secure Python, but it is an important part of a Python sandbox.
History
Date User Action Args
2012-03-22 02:03:36vstinnersetrecipients: + vstinner
2012-03-22 02:03:36vstinnersetmessageid: <1332381816.01.0.198972850539.issue14385@psf.upfronthosting.co.za>
2012-03-22 02:03:35vstinnerlinkissue14385 messages
2012-03-22 02:03:35vstinnercreate