On 05/05/2013 13:54, onkelpax-jython@yahoo.de wrote:
Hallo friends of Python!

I'm working on a Java project that allows to execute (untrusted) Python user code. I've prevented the availablity of specific Java classes/methods via a custom classloader. But I saw that Jython also provides some native built-in functions that are no Java code: http://www.jython.org/docs/library/functions.html

When we say they are built-in functions we really only mean that they do not need to be imported. If the documentation says something is implemented in C, it's probably poor editing on our part: it is mostly just a copy of the CPython documentation and things slip through.  The built-in functions are implemented in Java, so if you are satisfied that you have locked down the JVM, you are probably ok. However, I'm not in a position to advise you about securing the JVM.

Outside the JVM itself, very little platform-native code is used. One exception I know of is the jline library (console i/o) which supplies native methods a dynamic library.

Jeff Allen