Re: Executing untrusted scripts in a sandboxed environment
On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl m...@robin-krahl.de wrote: Hi all, I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are flagged or approved for scripting. I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to embed a script engine in a sandboxed environment that has access to the Python modules and classes that I provide? With extreme difficulty. A while back (couple years maybe? I don't remember), I ignored everyone's warnings and tried to make a sandboxed Python, embedded in a C++ application. It failed in sandboxing. With just some trivial tinkering using Python's introspection facilities, a couple of python-list people managed to read and write files, and other equally dangerous actions. Shortly thereafter, we solved the problem completely... by switching to JavaScript. Embedding CPython in an application simply doesn't afford sandboxing. To what extent do you actually need to run untrusted Python? Can you, for instance, sandbox the entire process (which wasn't an option for what we were doing)? Perhaps chrooting the Python interpreter will do what you need. But there may still be leaks, I don't know. ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Executing untrusted scripts in a sandboxed environment
On Saturday, 6 October 2012 04:00:08 UTC+5:30, Robin Krahl wrote: Hi all, I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are flagged or approved for scripting. I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to embed a script engine in a sandboxed environment that has access to the Python modules and classes that I provide? Thanks for your help. Best regards, Robin [0] http://wiki.python.org/moin/SandboxedPython [1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python From http://wiki.python.org/moin/SandboxedPython The Java and CLR/.NET runtimes support restricted execution, and these can be utilised through the Jython and IronPython variants of Python (as well as by other languages, obviously). You can also check out http://doc.pypy.org/en/latest/sandbox.html for PyPy's sandbox -- http://mail.python.org/mailman/listinfo/python-list
Re: Executing untrusted scripts in a sandboxed environment
On Saturday, 6 October 2012 12:49:29 UTC+5:30, Chris Angelico wrote: On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl m...@robin-krahl.de wrote: Hi all, I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are flagged or approved for scripting. I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to embed a script engine in a sandboxed environment that has access to the Python modules and classes that I provide? With extreme difficulty. A while back (couple years maybe? I don't remember), I ignored everyone's warnings and tried to make a sandboxed Python, embedded in a C++ application. It failed in sandboxing. With just some trivial tinkering using Python's introspection facilities, a couple of python-list people managed to read and write files, and other equally dangerous actions. Shortly thereafter, we solved the problem completely... by switching to JavaScript. Embedding CPython in an application simply doesn't afford sandboxing. To what extent do you actually need to run untrusted Python? Can you, for instance, sandbox the entire process (which wasn't an option for what we were doing)? Perhaps chrooting the Python interpreter will do what you need. But there may still be leaks, I don't know. ChrisA Something like ast.literal_eval may be useful. -- http://mail.python.org/mailman/listinfo/python-list
Re: Executing untrusted scripts in a sandboxed environment
On Sat, Oct 6, 2012 at 7:10 PM, Ramchandra Apte maniandra...@gmail.com wrote: On Saturday, 6 October 2012 12:49:29 UTC+5:30, Chris Angelico wrote: On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl m...@robin-krahl.de wrote: What is the best way to embed a script engine in a sandboxed environment that has access to the Python modules and classes that I provide? With extreme difficulty. Something like ast.literal_eval may be useful. Not really; it's hardly sufficient. That sort of feature is handy for making an expression evaluator; for instance, you could implement a powerful calculator with it. But it's far too limited for most applications. The main problem is permitting some of the basic builtins (like True, False, len(), etc), without those objects being used as gateways. Did you know, for instance, that len.__self__.open() can be used to read and write files on the file system? ChrisA -- http://mail.python.org/mailman/listinfo/python-list
Re: Executing untrusted scripts in a sandboxed environment
On 05/10/2012 23:22, Robin Krahl wrote: Hi all, I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are flagged or approved for scripting. I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to embed a script engine in a sandboxed environment that has access to the Python modules and classes that I provide? Thanks for your help. Best regards, Robin [0] http://wiki.python.org/moin/SandboxedPython [1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python As good a starting point as any http://www.velocityreviews.com/forums/t716131-challenge-escape-from-the-pysandbox.html ? Also throw python experimental sandbox into your search engine and follow your nose, something might come up smelling of roses :) -- Cheers. Mark Lawrence. -- http://mail.python.org/mailman/listinfo/python-list
Re: Executing untrusted scripts in a sandboxed environment
On Oct 5, 2012, at 6:32 PM, Robin Krahl m...@robin-krahl.de wrote: Hi all, I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are flagged or approved for scripting. I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to embed a script engine in a sandboxed environment that has access to the Python modules and classes that I provide? Checkout udacity.com I think there is a writeup on stackoverflow on how they accomplished their sandbox runtime env. Thanks for your help. Best regards, Robin [0] http://wiki.python.org/moin/SandboxedPython [1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python -- http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
Executing untrusted scripts in a sandboxed environment
Hi all, I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are flagged or approved for scripting. I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to embed a script engine in a sandboxed environment that has access to the Python modules and classes that I provide? Thanks for your help. Best regards, Robin [0] http://wiki.python.org/moin/SandboxedPython [1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python -- http://mail.python.org/mailman/listinfo/python-list