I’m making a wxpython app that I will compile with the various freezing utility out there to create an executable for multiple platforms.

the program will be a map editer for a tile-based game engine

in this app I want to provide a scripting system so that advanced users can modify the behavior of the program such as modifying project data, exporting the project to a different format ect.

I want the system to work like so.

the user will place the python script they wish to run into a styled textbox and then press a button to execute the script.

I’m good with this so far thats all really simple stuff.
obtain the script from the text-box as a string compile it to a cod object with the inbuilt function compile() then execute the script with an exec statment

script = textbox.text #bla bla store the string
code = compile(script, "script", "exec") #make the code object
eval(code, globals())

the thing is, I want to make sure that this feature can’t cause any errors or bugs
say if there is an import statement in the script. will this cause any problems taking into account that the code has been compiled with something like py2exe or py2app?
how do I make sure that the user can’t break critical part of the program like modifying part of the GUI while still allowing them to modify the project data (the data is held in global properties in it’s own module)? I think that this would mean modifying the globals dict that is passed to the eval function.
how to I make sure that this eval can’t cause the program to hang due to a long or infinite loop?
how do I make sure that an error raised inside the user’s code can’t crash the whole app?

basically, how to I avoid all those problems that can arise when allowing the user to run their own code?

EDIT: Concerning the answers given

I don’t feel like any of the answers so far have really answered my questions
yes they have been in part answered but not completely. I’m well aware the it is impossible to completely stop unsafe code. people are just too clever for one man (or even a teem) to think of all the ways to get around a security system and prevent them.

in fact I don’t really care if they do. I’m more worried about some one unintentional breaking something they didn’t know about. if some one really wanted to they could tear the app to shreds with the scripting functionality, but I couldn’t care less. it will be their instance and all the problem they create will be gone when they restart the app unless they have messed with files on the HD.
I want to prevent the problems that arise when the user dose something stupid.
things like IOError’s, SystaxErrors, InfiniteLoopErrors ect.

now the part about scope has been answered. I now understand how to define what functions and globals can be accessed from the eval function
but is there a way to make sure that the execution of their code can be stopped if it is taking too long?
a green thread system perhaps? (green because it would be eval to make users worry about thread safety)

also if a users uses an import module statement to load a module from even the default library that isn’t used in the rest of the class. could this cause problems with the app being frozen by Py2exe, Py2app, or Freeze? what if they call a modal out side of the standard library? would it be enough that the modal is present in the same directory as the frozen executable?

I would like to get these answers with out creating a new question but I will if I must.