
Brandon - what methods are you using to run untrusted Python code in a secure sandbox?


Right now what I'm doing is:

1. search code for double underscores (to block magic methods)

2. replace `__builtins__` with a whitelisted version

3. hook `__import__` to only allow a whitelist

4. hook `getattr` to reject any key containing double underscores


You may want to bear in mind that, at least last I knew, the official position of the CPython dev team is that it is not possible to sandbox CPython.

If they can't do it....

At any rate it is certainly not as simple as that, and not only is it not as simple as that, it is not even close to being that simple.

In fact, I recall warning people off of this exact project many years ago on comp.lang.python.

This seems up-to-date: https://wiki.python.org/moin/Asking%20for%20Help/How%20can%2... It looks like the only even remotely feasible option is PyPy, and this link doesn't look like much fun: https://pypi.python.org/pypi/RestrictedPython/ It looks to me like you'd still have many, many opportunities to end up with holes in the system.

I really, really don't recommend Python for this.

You might find this interesting: http://blog.delroth.net/2013/03/escaping-a-python-sandbox-nd... (And before you go "Oh, I've got that blocked"... read it, like, really really read it, not just skim for "one thing I can do to block that stuff", but to see just how many things there are in Python for this sort of hackery. Personally I'd guess the "I blocked double-underscores" would not have slowed them down much.)


Holy shit, that article was brilliant. A few of those tricks I was aware of ( __class__.__class__ ), but crafting code objects? I need to re-read this a few times to properly grok how it works.

I find things like this absolutely fascinating.


This. You _will_ get compromised. Maybe not today or tomorrow but it is inevitable.


Is this Python 2 or 3? Your description said that you didn't allow underscores, but if this is Python 2, people would still be able to run threads (threads were renamed _thread in Python 3).


Same question here. I am a total novice to Python, so it might be a stupid question. When I launch with python2.6 it does not find the RestrictedPython package. If I launch with Python 3.2 then it complains about the "print" syntax.


You might also want to consider using a sandbox/jail such as AppArmor, to prevent the Python (sub)process itself from accessing any resources should those methods fail.

I came across a project called CodeJail, which seems to help configure Python (or other scripting languages) nicely with AppArmor, to help execute untrusted code in a safe(r) manner: https://github.com/edx/codejail
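The suggestion above is to confine the Python subprocess at the OS level so that a bypass of the in-language filters still hits a wall. As an added example (not code from this thread or from CodeJail), here is a minimal runner that puts the untrusted code in a separate interpreter with resource limits; `run_untrusted` and the limit values are assumptions, and an AppArmor profile or VM would wrap this process to restrict file and network access.

```python
import resource
import subprocess
import sys
import tempfile

# Constructed limits for illustration; tune per workload.
LIMITS = {
    resource.RLIMIT_CPU: 2,               # seconds of CPU time
    resource.RLIMIT_AS: 512 * 1024 ** 2,  # bytes of address space
    resource.RLIMIT_FSIZE: 0,             # no regular-file writes
    resource.RLIMIT_CORE: 0,              # no core dumps
}

def _apply_limits():
    # Runs in the child between fork() and exec(); the limits are inherited
    # by anything the untrusted code spawns. Never exceeds an inherited hard limit.
    for res, value in LIMITS.items():
        _, hard = resource.getrlimit(res)
        if hard != resource.RLIM_INFINITY:
            value = min(value, hard)
        resource.setrlimit(res, (value, value))

def run_untrusted(source, wall_timeout=5.0):
    """Run `source` in a separate, resource-limited interpreter.

    Returns (status, stdout); status is 'ok', 'error', 'signal' or 'timeout'.
    This bounds resource use only, not file or network access.
    """
    with tempfile.TemporaryDirectory() as workdir:
        try:
            proc = subprocess.run(
                # -I: isolated mode (ignore PYTHON* env vars and user site dir)
                # -B: do not write .pyc files
                [sys.executable, "-I", "-B", "-c", source],
                stdin=subprocess.DEVNULL,
                stdout=subprocess.PIPE,
                stderr=subprocess.DEVNULL,
                env={},                 # do not leak parent secrets via environment
                cwd=workdir,            # throwaway working directory
                preexec_fn=_apply_limits,
                timeout=wall_timeout,   # wall-clock backstop for sleeping code
                text=True,
            )
        except subprocess.TimeoutExpired:
            return ("timeout", "")
    if proc.returncode < 0:
        return ("signal", proc.stdout)  # e.g. killed by SIGXCPU
    return ("ok" if proc.returncode == 0 else "error", proc.stdout)
```
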


Many of the builtins that are disabled seem quite harmless to me (especially something like "min"). Curious how you decided which ones to disable.



I would recommend looking at the PyPy sandbox environment as it is not possible to secure CPython in this way.


Are you at least running the code in a secured VM, or a Linux sandbox?



