Here's some proof of concept code I wrote a while back for this very
purpose. What I do is use compiler.parse to take a code string and
turn it into an abstract syntax tree. Then, using a custom visitor
object that raises an exception if it comes across something it
doesn't like, I use
Hi All,
I'm trying to build a secure execution environment for bits of python
for two reasons:
- to allow users of the system to write scripts in python without
circumventing the application's security model
- to allow the system to have an environment where security is handled
without
Chris Withers wrote:
Hi All,
I'm trying to build a secure execution environment for bits of python
for two reasons:
- to allow users of the system to write scripts in python without
circumventing the application's security model
- to allow the system to have an environment where
maybe using import hooks?
http://www.python.org/dev/peps/pep-0302/
--
http://mail.python.org/mailman/listinfo/python-list
Alberto Berti wrote:
maybe using import hooks?
http://www.python.org/dev/peps/pep-0302/
I don't think so. Anyone can hook the import statement. And this is just
one reason. Some objects are built in. For example, file(). How can you
restrict file creation? I believe that there is no safe
Laszlo Nagy wrote:
Once upon a time, there has been a module called bastillon (am I
right?) and rexec (restricted execution environment) but they were not
really secure. It was a long time ago. Python is very flexible, and
interpreted and it is hard to prevent the users from importing
Alberto Berti wrote:
maybe using import hooks?
http://www.python.org/dev/peps/pep-0302/
Well, as Lazlo reminded me, there are also plenty of builtins that are
problematic... although hopefully providing a limited set of contents
for the global and local namespaces could solve that?
But,
On 19 Nov, 11:16, Chris Withers [EMAIL PROTECTED] wrote:
Hi All,
I'm trying to build a secure execution environment for bits of python
for two reasons:
- to allow users of the system to write scripts in python without
circumventing the application's security model
- to allow the system to
On 19 Nov, 12:16, Chris Withers [EMAIL PROTECTED] wrote:
I'm trying to build a secure execution environment for bits of python
for two reasons:
[...]
Have other people bumped into this problem?
What solutions do people recommend?
It might be worth looking at these pages for some
Paul Boddie wrote:
http://wiki.python.org/moin/SandboxedPython
http://wiki.python.org/moin/How_can_I_run_an_untrusted_Python_script_safely_%28i%2ee%2e_Sandbox%29
Yeah, from this I'm pretty much set on:
http://pypi.python.org/pypi/RestrictedPython/
I know it's pretty bulletproof (I've been
10 matches
Mail list logo
