[summerofcode] Resurrecting rexec?

Ian Bicking ianb at colorstudy.com
Tue Jun 7 17:48:33 CEST 2005 

Adam Gundry wrote:
> Hi everyone,
> 
> I notice with interest that one of the project ideas on the Wiki 
> involves developing some form of restricted execution system[1] 
> (presumably updating rexec would be the best plan, but I'm not certain 
> how deeply broken it is in the new-style object model, so it might 
> involve a major rewrite).
> 
> I'm quite interested in applying for this project, but it's certainly 
> not an easy task. AFAIK nothing has been done since Guido decided to 
> sabotage both rexec and Bastion because of security concerns.
> 
> Do you think there would be much interest in this, both from prospective 
> mentors and the Python community as a whole? 

There's clearly a lot of people who are interested in this, so I think 
so.  Not me so much, because I know nothing about the details, but I'd 
be awfully suprised if no one was interested in mentoring.  And I think 
if everyone agrees it's important, but no one specifically had it in 
mind when the volunteered to mentor, that someone will step up.  And as 
a mentor you wouldn't even really need to know the details of this 
specific problem, since there's many other aspects to mentoring.  Maybe 
it's even better if, as a mentor, you aren't currently directly involved 
in the project you are mentoring -- otherwise it may be hard to step back.

> Reading the discussions on 
> python-dev[2] it looks as if an all-or-nothing solution is desired, but 
> I don't think that's ever likely to happen. Is it worth working on a 
> project that asymptotically approaches that security? Perhaps more 
> significantly, do I have any chance at getting a mentor if I propose to 
> do so?

Well, there does exist a reasonably (?) effective restricted execution 
environment inside of Zope.  Extracting that, even if the result isn't 
really what people want, would be useful -- as it is, I don't think 
people outside of the Zope world (or maybe even inside it) really 
understand the good or bad of that system.

But anyway, it clearly is a hard problem, and you shouldn't give a goal 
of "making rexec work", because there's a good chance you won't get 
there.  Instead, I would make experimentation and documentation a big 
part of the goal.  Start with summarizing the problems with rexec and 
Bastian -- you can get all that from mailing lists, but I don't know if 
it is fully summarized in any one place.  Write tests -- this is all 
very conducive to testing, and the summary you wrote should give you 
lots of failing tests to work on.  Try to fix one or two.  Analyze what 
you changed, repeat, refactor, rewrite, etc.  Document all your dead 
ends, not just your successes.

The benefit to the community will be largely in the artifacts you leave 
behind (assuming you don't actually resolve the problem), so being 
transparent and explicit about what you are doing is important.

-- 
Ian Bicking  /  ianb at colorstudy.com  /  http://blog.ianbicking.org

More information about the summerofcode mailing list