Nick Coghlan wrote:
> are somewhat staggering, and designing an in-process sandbox to cope
> with that is a big ask (and demonstrating that the sandbox actually
> *achieves* that goal is even tougher).

I was thinking along the lines of:
1. Start a "light" python interpreter, which by default will not allow
   you to import anything, including any of the standard python libraries.

2. This light python interpreter will have hooks around:

   memory allocation: Limit maximum memory used by the user. So users
   should not be able to do:

       [1]*100000000000

   bytecode execution: Limit time of execution of each python line.
   Users should not be able to:

       while True:
           i = i + 1

3. Have the ability to transfer objects between the main and the light
   python interpreter.

    user_interpreters = {}
    for user_name, user_module in all_user_modules:
        # python_light is the proposed restricted interpreter; nothing is
        # importable inside it unless listed in allow_modules
        pl = python_light(memory_limit_per_instruction="0.1M",
                          execution_limit="2S",
                          memory_limit_interpreter="2M",
                          allow_modules=None)
        pl.load_module(user_module)
        user_interpreters[user_name] = pl

    for user_name in user_interpreters:
        pl = user_interpreters[user_name]
        # application-specific function which will set up the data to be
        # used by the light python interpreter
        update_global_env(pl)
        try:
            user_function_value = pl.user_function()
        except (Exceeded_Memory_Per_Instruction,
                Exceeded_Execution_Time_Limit,
                Exceeded_Total_Memory_Limit):
            handle_exception()

It is up to the application builder to ensure that any and all
modules/objects that are added to the "light" python interpreter are
secure.

Vineet
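The two limits in the proposal (total memory and execution time) can be enforced today without the in-process allocation and bytecode hooks described above, by running the untrusted code in a separate interpreter process and letting the kernel enforce the caps through setrlimit. The following is an added example for this thread, not code from Vineet's message or from any python_light implementation; it substitutes OS process limits for the proposed interpreter hooks, covers only the memory and time limits (not the no-imports rule, the per-instruction memory limit, or object transfer), and assumes a Linux or other POSIX host where the resource module and RLIMIT_AS are effective. The names run_limited and CHILD_PRELUDE and the verdict strings are the example's own, and the sample snippets are constructed stand-ins for user-submitted code.

```python
import signal
import subprocess
import sys
import textwrap

# Prelude run in the child interpreter before the untrusted source.  A
# process may lower its own limits but never raise them again, so once
# this has run the kernel enforces the caps for the rest of the child's
# life.  (Example code; not from the thread or from any python_light.)
CHILD_PRELUDE = textwrap.dedent("""
    import resource, sys

    def cap(limit, soft, hard):
        # Never ask for more than the hard limit we inherited.
        _, cur_hard = resource.getrlimit(limit)
        if cur_hard != resource.RLIM_INFINITY:
            soft, hard = min(soft, cur_hard), min(hard, cur_hard)
        resource.setrlimit(limit, (soft, hard))

    mem_bytes, cpu_seconds = int(sys.argv[1]), int(sys.argv[2])
    # Address-space cap: allocations past it fail inside Python with
    # MemoryError instead of consuming the host's memory.
    cap(resource.RLIMIT_AS, mem_bytes, mem_bytes)
    # CPU-time cap: SIGXCPU at the soft limit, SIGKILL at the hard limit,
    # so a busy loop is stopped by the kernel, not by cooperation.
    cap(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)

    source = sys.stdin.read()
    exec(compile(source, "<untrusted>", "exec"), {"__name__": "__untrusted__"})
""")


def run_limited(source, memory_bytes=1024 ** 3, cpu_seconds=1):
    """Run untrusted `source` in a fresh interpreter under OS limits.

    Returns one of "ok", "memory_limit", "execution_time_limit" or
    "error", mirroring the limit exceptions in the proposal plus a
    generic failure for ordinary uncaught exceptions.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", CHILD_PRELUDE,
             str(memory_bytes), str(cpu_seconds)],
            input=source, capture_output=True, text=True,
            # Wall-clock backstop: RLIMIT_CPU does not count time spent
            # sleeping or blocked, so a sleeping loop needs this too.
            timeout=cpu_seconds + 5,
        )
    except subprocess.TimeoutExpired:
        return "execution_time_limit"
    # A negative return code is the number of the signal that killed the child.
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return "execution_time_limit"
    if proc.returncode != 0:
        return "memory_limit" if "MemoryError" in proc.stderr else "error"
    return "ok"


if __name__ == "__main__":
    # Constructed inputs standing in for user-submitted code.
    samples = {
        "well-behaved": "total = sum(range(1000))",
        "memory hog": "big = bytearray(4 * 1024 ** 3)",
        "busy loop": "i = 0\nwhile True:\n    i = i + 1",
    }
    for name, code in samples.items():
        print(f"{name}: {run_limited(code)}")
```

The process boundary is what makes these limits hold: the child cannot undo a lowered rlimit, and the kernel terminates it regardless of what the untrusted code does. This does not by itself give the import restriction from point 1, so on its own it is a resource cap rather than a sandbox; the proposal's memory_limit_per_instruction also has no OS equivalent, which is why only a total memory verdict is reported.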