Louis Bertrand writes:
Hello,
I'm exploring the idea of having my students submit their programming assignments through a Web dropboxand having those assignments automatically marked by a script that runs the submitted program with pre-arranged test data, catching any boo-boos with exceptions.
Here's the problem: this plan violates the secure programming principle that you should never treat data as code and I might be leaving myself open for some serious malware.
Does anyone have any experience with restricting the privileges of a running Python program?
As a first pass, I would: * run Python in a chroot(2) jail * load the jail with only the bare minimum to run Python and remove networking and os modules (at least). * scan the submitted programs for usage of sys.path.
"Scanning the submitted programs" for anything is always tougher than it sounds. Just looking at that one example, it's easy to disguise a reference to sys.path: import sys as fun forbidden = fun.path or alternatively, a much more complicated approach, import sys, md5 forbidden = eval("sys."+filter(lambda x:md5.md5(x).hexdigest()=='d6fe1d0be6347b8ef2427fa629c04485',dir(sys))[0]) or a way to avoid mentioning the "sys" part: import sys i = "" for i in globals().values(): try: i.getrecursionlimit fooled_you = i.path break except: pass -- Seth David Schoen <schoen@loyalty.org> | Reading is a right, not a feature! http://www.loyalty.org/~schoen/ | -- Kathryn Myronuk http://vitanuova.loyalty.org/ |