I think arbitrary code execution is fairly easy with this system.
Another option would be to start another Python process in a chroot jail, and send expressions to that process and get the response back. You could place process limits on the executable to avoid some DoS problems.
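A sketch of the process-limit half of the suggestion above, as an added example that is not part of the original comment: a parent sends one expression to a child Python process that runs under CPU, memory and fork limits. The worker, the function names and the limit values are assumptions; it is Linux-only, and the chroot step is left out because it needs root and a populated jail directory.

```python
import resource
import subprocess
import sys

# Hypothetical worker: reads one expression from stdin and prints its repr.
# eval() inside the child is still arbitrary code execution; the limits
# below only bound what a hostile expression can consume.
WORKER = "import sys; print(repr(eval(sys.stdin.read())))"


def _cap(res, value):
    """Set soft and hard limit, never above the hard limit already in force."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def _limits():
    # Runs in the child between fork() and exec(), so the parent is unaffected.
    _cap(resource.RLIMIT_CPU, 1)            # seconds of CPU time
    _cap(resource.RLIMIT_AS, 512 * 2**20)   # bytes of address space
    _cap(resource.RLIMIT_NPROC, 0)          # no new processes (not enforced for root)


def evaluate(expr, wall_timeout=5):
    """Evaluate expr in a limited child; return (status, detail)."""
    try:
        p = subprocess.run(
            [sys.executable, "-I", "-c", WORKER],   # -I: ignore PYTHON* env and user site
            input=expr, capture_output=True, text=True,
            timeout=wall_timeout, preexec_fn=_limits,
        )
    except subprocess.TimeoutExpired:
        return ("timeout", None)             # child was blocked rather than busy
    if p.returncode < 0:
        return ("killed", -p.returncode)     # signal number, e.g. CPU limit hit
    if p.returncode != 0:
        return ("error", p.stderr.strip().splitlines()[-1])
    return ("ok", p.stdout.strip())


if __name__ == "__main__":
    # Constructed inputs: a normal expression, a busy loop, a huge allocation.
    for e in ("6 * 7", "sum(1 for _ in iter(int, 1))", "'x' * (2**31)"):
        print(e, "->", evaluate(e))
```

The limits cover CPU, memory and fork exhaustion only; filesystem and network access from the child still need the jail (or a stronger sandbox) the comment describes.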