I am writing a python backend using django and decided to add functionality so that users can send me
.py files for execution. The task was how to protect yourself? From this file I have to call a function with a predetermined name, but the problem is that suddenly users inside the function will open sockets or create a million files or something … In general, how can I prevent them from doing this by calling this function?
Is it possible to do this at the python level and not at the Linux level?
PyPy offers sandboxing at a level similar to that of the sandbox OS, for example SECCOMP under Linux, but this is purely a python-level solution:
One of PyPy's translation aspects is a sandboxing feature. It's “sandboxing” as in “full virtualization”, but done in normal C with no OS support at all.
More details with examples in the PyPy documentation .