vinjvinj wrote:
Unfortunately this in not an options since all the processes share
objects in memory which are about 1gig for each node. Having a copy of
this in each user process is just not an options. I think I'm going to
use RestrictedPython from zope3 svn which should take care of 70-80
vinjvinj wrote:
2. restrict the amount of memory a module uses as well. For instance
how can I restrict a user from doing a = range(100) or similar
tasks so that my whole compute farm does not come down.
The safest way to do this in unix is to run the model in a separate process,
and
Unfortunately this in not an options since all the processes share
objects in memory which are about 1gig for each node. Having a copy of
this in each user process is just not an options. I think I'm going to
use RestrictedPython from zope3 svn which should take care of 70-80 %
of the problem.
--
vinjvinj wrote:
I have an application which allows multiple users to write models.
These models get distributed on a grid of compute engines. users submit
their models through a web interface. I want to
1. restrict the user from doing any file io, exec, import, eval, etc. I
was thinking of
I have an application which allows multiple users to write models.
These models get distributed on a grid of compute engines. users submit
their models through a web interface. I want to
1. restrict the user from doing any file io, exec, import, eval, etc. I
was thinking of writing a plugin for
On 7 Nov 2005 12:54:40 -0800, vinjvinj [EMAIL PROTECTED] wrote:
I have an application which allows multiple users to write models.
These models get distributed on a grid of compute engines. users submit
their models through a web interface. I want to
1. restrict the user from doing any file io,
vinjvinj [EMAIL PROTECTED] writes:
1. restrict the user from doing any file io, exec, import, eval, etc. I
was thinking of writing a plugin for pylint to do all the checks? Is
this is a good way given that there is no restricted python. What are
the things I should serach for in python code
While I understand 2 is very hard (if not impossible) to do in single
unix process. I'm not sure why 1 would be hard to do. Since I have
complete control to what code I can allow or not allow on my grid. Can
i not just search for certain strings and disallow the model if it
fails certain
vinjvinj [EMAIL PROTECTED] writes:
While I understand 2 is very hard (if not impossible) to do in single
unix process. I'm not sure why 1 would be hard to do. Since I have
complete control to what code I can allow or not allow on my grid. Can
i not just search for certain strings and disallow
vinjvinj wrote:
While I understand 2 is very hard (if not impossible) to do in single
unix process. I'm not sure why 1 would be hard to do. Since I have
complete control to what code I can allow or not allow on my grid. Can
i not just search for certain strings and disallow the model if it
Steven D'Aprano [EMAIL PROTECTED] writes:
I suspect your best bet might be to write a mini-language using
Python, and get your users to use that. You will take a small
performance hit, but security will be very much improved.
What do others think?
That is the only approach that makes any
I'm more worried about incompetent users then malicious users. I'm
going to take the following steps:
1. My users will be paying a decent amount of money to run models on
the compute grid. If they are intentionaly writing malicious code then
their account will be disabled.
2. Since their models
I have so many things to do to get this to production and writing a
mini language would be a full project in itself. :-.
Is there an easy way to do this? If not, I'll go with the steps
outlined in my other post.
vinjvinj
--
http://mail.python.org/mailman/listinfo/python-list
vinjvinj wrote:
I have so many things to do to get this to production and writing a
mini language would be a full project in itself. :-.
Is there an easy way to do this? If not, I'll go with the steps
outlined in my other post.
Do you really think it will be faster to start parsing Python
No. I was hoping to leverage the work done for restricted pythonscript
by zope at:
http://www.zope.org/Control_Panel/Products/PythonScripts/Help/PythonScript.py
which is similar to what I want to do as well.
vinjvinj
--
http://mail.python.org/mailman/listinfo/python-list
vinjvinj [EMAIL PROTECTED] writes:
No. I was hoping to leverage the work done for restricted pythonscript
by zope at:
http://www.zope.org/Control_Panel/Products/PythonScripts/Help/PythonScript.py
How does Pythonscript deal with
xxx = 'x' * 10
as a memory DOS attack?
--
This can not be done at compile time but can be cought at execution
time on linux by the following recipe:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/307871
vinjvinj
--
http://mail.python.org/mailman/listinfo/python-list
17 matches
Mail list logo
