Re: Executing untrusted scripts in a sandboxed environment

2012-10-06 Thread Chris Angelico
On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl m...@robin-krahl.de wrote:
 Hi all,

 I need to execute untrusted scripts in my Python application. To avoid 
 security issues, I want to use a sandboxed environment. This means that the 
 script authors have no access to the file system. They may only access 
 objects, modules and classes that are flagged or approved for scripting.

 I read that I will not be able to do this with Python scripts. (See 
 SandboxedPython page in the Python wiki [0] and several SE.com questions, e. 
 g. [1].) So my question is: What is the best way to embed a script engine 
 in a sandboxed environment that has access to the Python modules and classes 
 that I provide?

With extreme difficulty. A while back (couple years maybe? I don't
remember), I ignored everyone's warnings and tried to make a sandboxed
Python, embedded in a C++ application. It failed in sandboxing. With
just some trivial tinkering using Python's introspection facilities, a
couple of python-list people managed to read and write files, and
other equally dangerous actions. Shortly thereafter, we solved the
problem completely... by switching to JavaScript.

Embedding CPython in an application simply doesn't afford sandboxing.
To what extent do you actually need to run untrusted Python? Can you,
for instance, sandbox the entire process (which wasn't an option for
what we were doing)? Perhaps chrooting the Python interpreter will do
what you need. But there may still be leaks, I don't know.

ChrisA
-- 
http://mail.python.org/mailman/listinfo/python-list


Re: Executing untrusted scripts in a sandboxed environment

2012-10-06 Thread Ramchandra Apte
On Saturday, 6 October 2012 04:00:08 UTC+5:30, Robin Krahl  wrote:
 Hi all,
 
 I need to execute untrusted scripts in my Python application. To avoid 
 security issues, I want to use a sandboxed environment. This means that the 
 script authors have no access to the file system. They may only access 
 objects, modules and classes that are flagged or approved for scripting.
 
 I read that I will not be able to do this with Python scripts. (See 
 SandboxedPython page in the Python wiki [0] and several SE.com questions, e. 
 g. [1].) So my question is: What is the best way to embed a script engine 
 in a sandboxed environment that has access to the Python modules and classes 
 that I provide?
 
 Thanks for your help.
 
 Best regards,
 Robin
 
 [0] http://wiki.python.org/moin/SandboxedPython
 [1] 
 http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python
From http://wiki.python.org/moin/SandboxedPython
The Java and CLR/.NET runtimes support restricted execution, and these can be 
utilised through the Jython and IronPython variants of Python (as well as by 
other languages, obviously).
You can also check out http://doc.pypy.org/en/latest/sandbox.html for PyPy's 
sandbox


Re: Executing untrusted scripts in a sandboxed environment

2012-10-06 Thread Ramchandra Apte
On Saturday, 6 October 2012 12:49:29 UTC+5:30, Chris Angelico  wrote:
 On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl m...@robin-krahl.de wrote:
  Hi all,
 
  I need to execute untrusted scripts in my Python application. To avoid 
  security issues, I want to use a sandboxed environment. This means that the 
  script authors have no access to the file system. They may only access 
  objects, modules and classes that are flagged or approved for scripting.
 
  I read that I will not be able to do this with Python scripts. (See 
  SandboxedPython page in the Python wiki [0] and several SE.com questions, 
  e. g. [1].) So my question is: What is the best way to embed a script 
  engine in a sandboxed environment that has access to the Python modules and 
  classes that I provide?
 
 With extreme difficulty. A while back (couple years maybe? I don't
 remember), I ignored everyone's warnings and tried to make a sandboxed
 Python, embedded in a C++ application. It failed in sandboxing. With
 just some trivial tinkering using Python's introspection facilities, a
 couple of python-list people managed to read and write files, and
 other equally dangerous actions. Shortly thereafter, we solved the
 problem completely... by switching to JavaScript.
 
 Embedding CPython in an application simply doesn't afford sandboxing.
 To what extent do you actually need to run untrusted Python? Can you,
 for instance, sandbox the entire process (which wasn't an option for
 what we were doing)? Perhaps chrooting the Python interpreter will do
 what you need. But there may still be leaks, I don't know.
 
 ChrisA

Something like ast.literal_eval may be useful.


Re: Executing untrusted scripts in a sandboxed environment

2012-10-06 Thread Chris Angelico
On Sat, Oct 6, 2012 at 7:10 PM, Ramchandra Apte maniandra...@gmail.com wrote:
 On Saturday, 6 October 2012 12:49:29 UTC+5:30, Chris Angelico  wrote:
 On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl m...@robin-krahl.de wrote:
  What is the best way to embed a script engine in a sandboxed environment 
  that has access to the Python modules and classes that I provide?

 With extreme difficulty.

 Something like ast.literal_eval may be useful.

Not really; it's hardly sufficient. That sort of feature is handy for
making an expression evaluator; for instance, you could implement a
powerful calculator with it. But it's far too limited for most
applications.

The main problem is permitting some of the basic builtins (like True,
False, len(), etc), without those objects being used as gateways. Did
you know, for instance, that len.__self__.open() can be used to read
and write files on the file system?

ChrisA
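Taking Ramchandra's ast.literal_eval idea one step further, here is an added example (not code from the thread or from any of its posters): a small AST-whitelist expression evaluator that exposes len() and a few other builtins by bare name only, so the introspection path Chris describes (len.__self__.open()) is refused at parse time rather than at runtime. The names SAFE_FUNCS, safe_eval and is_safe are my own, and the block assumes Python 3.8 or later.

```python
import ast
import operator

# Operators permitted in the expression language. Pow is left out on purpose:
# "2 ** 10 ** 10" burns memory and CPU without touching the file system at all.
_BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
            ast.Mult: operator.mul, ast.Div: operator.truediv, ast.Mod: operator.mod}
_CMP_OPS = {ast.Eq: operator.eq, ast.NotEq: operator.ne, ast.Lt: operator.lt,
            ast.LtE: operator.le, ast.Gt: operator.gt, ast.GtE: operator.ge}
# Approved callables, reachable by bare name only. The script never receives the
# function object itself, so it cannot walk len.__self__ back to the builtins module.
SAFE_FUNCS = {"len": len, "min": min, "max": max, "abs": abs}


class UnsafeExpression(ValueError):
    """Raised for any syntax or name outside the whitelist."""


def _eval(node):
    # True, False and None parse as ast.Constant on 3.8+, so no builtin is exposed.
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval(node.left), _eval(node.right))
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_eval(node.operand)
    if (isinstance(node, ast.Compare) and len(node.ops) == 1
            and type(node.ops[0]) in _CMP_OPS):
        return _CMP_OPS[type(node.ops[0])](_eval(node.left), _eval(node.comparators[0]))
    if isinstance(node, ast.List):
        return [_eval(e) for e in node.elts]
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
            and node.func.id in SAFE_FUNCS and not node.keywords):
        return SAFE_FUNCS[node.func.id](*[_eval(a) for a in node.args])
    # Everything else, notably ast.Attribute, ast.Subscript and bare ast.Name, is
    # refused, so "len.__self__.open(...)" fails on the tree before anything runs.
    raise UnsafeExpression("disallowed syntax: %s" % type(node).__name__)


def safe_eval(source):
    """Evaluate a whitelisted expression; raise UnsafeExpression otherwise."""
    return _eval(ast.parse(source, mode="eval").body)


def is_safe(source):
    """True if the expression evaluates using only whitelisted syntax and names."""
    try:
        safe_eval(source)
        return True
    except (UnsafeExpression, SyntaxError):
        return False
```

This is exactly the "powerful calculator" Chris describes: it is enough for expressions over literals, but it deliberately has no names, attributes, subscripts or statements, which is why it stays safe and why it is not a general Python sandbox.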


Re: Executing untrusted scripts in a sandboxed environment

2012-10-06 Thread Mark Lawrence

On 05/10/2012 23:22, Robin Krahl wrote:

Hi all,

I need to execute untrusted scripts in my Python application. To avoid security issues, I want to 
use a sandboxed environment. This means that the script authors have no access to the file system. 
They may only access objects, modules and classes that are flagged or 
approved for scripting.

I read that I will not be able to do this with Python scripts. (See SandboxedPython page 
in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What 
is the best way to embed a script engine in a sandboxed environment that has 
access to the Python modules and classes that I provide?

Thanks for your help.

Best regards,
 Robin

[0] http://wiki.python.org/moin/SandboxedPython
[1] 
http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python



As good a starting point as any 
http://www.velocityreviews.com/forums/t716131-challenge-escape-from-the-pysandbox.html 
?


Also throw python experimental sandbox into your search engine and 
follow your nose, something might come up smelling of roses :)


--
Cheers.

Mark Lawrence.



Re: Executing untrusted scripts in a sandboxed environment

2012-10-06 Thread Rodrick Brown
On Oct 5, 2012, at 6:32 PM, Robin Krahl m...@robin-krahl.de wrote:

 Hi all,

 I need to execute untrusted scripts in my Python application. To avoid 
 security issues, I want to use a sandboxed environment. This means that the 
 script authors have no access to the file system. They may only access 
 objects, modules and classes that are flagged or approved for scripting.

 I read that I will not be able to do this with Python scripts. (See 
 SandboxedPython page in the Python wiki [0] and several SE.com questions, e. 
 g. [1].) So my question is: What is the best way to embed a script engine 
 in a sandboxed environment that has access to the Python modules and classes 
 that I provide?

Check out udacity.com. I think there is a writeup on stackoverflow on
how they accomplished their sandbox runtime env.


 Thanks for your help.

 Best regards,
Robin

 [0] http://wiki.python.org/moin/SandboxedPython
 [1] 
 http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python


Executing untrusted scripts in a sandboxed environment

2012-10-05 Thread Robin Krahl
Hi all,

I need to execute untrusted scripts in my Python application. To avoid security 
issues, I want to use a sandboxed environment. This means that the script 
authors have no access to the file system. They may only access objects, 
modules and classes that are flagged or approved for scripting.

I read that I will not be able to do this with Python scripts. (See 
SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. 
[1].) So my question is: What is the best way to embed a script engine in a 
sandboxed environment that has access to the Python modules and classes that I 
provide?

Thanks for your help.

Best regards,
Robin

[0] http://wiki.python.org/moin/SandboxedPython
[1] 
http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python