[QGIS-Developer] Enhancing QGIS Development and Security Features Proposition
Even Rouault
even.rouault at spatialys.com
Fri Nov 3 02:00:21 PDT 2023
Rhea,
>
> *
>
> - Proposition would be a feature that allows users to limit Python
> console functionality based on their needs.
>
If you have in mind to limit the set of functionality available in the
Python console, that's not technically doable, at least with the CPython
interpreter. All you can do is to not provide any access at all to the
Python console. Python isn't a "safe" language, that is a sufficiently
willing user can do arbitrary things, including crashing itself with
just core functionality:
$ python -c "exec(type((lambda: 0).__code__)(0, 0, 0, 0, 0, 0, b'\x053',
(), (), (), '', '', 0, b''))"
Segmentation fault (core dumped)
cf
https://stackoverflow.com/questions/42544487/how-can-i-cause-python-3-5-to-crash
People have tried sandboxing Python many times, but under careful
examinations, all attempts fail at some point.
Even
--
http://www.spatialys.com
My software is free, but my time generally not.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/qgis-developer/attachments/20231103/fd41f91a/attachment.htm>
More information about the QGIS-Developer
mailing list