[Python-3000] Will we have a true restricted exec environment for python-3000?

Neal Norwitz nnorwitz at gmail.com
Sun Apr 9 03:18:13 CEST 2006


On 4/7/06, Vineet Jain <vinj at alumni.rice.edu> wrote:
> to have a python restricted exec mode which allows for:
>
> 1. Limit the memory consumed by the script
> 2. Limit access to file system and other system resources
> 3. Limit cpu time that the script will take
> 4. Be able to specify which modules are available for import

I don't think any of these issues are necessarily 3k only.

I will probably implement #1 (or perhaps find someone to do it).  I
think it is useful to limit memory and should be pretty easy to do.  I
started thinking about this a few weeks ago.  I probably won't get
around to it before 2.5 goes final.  Without thinking much, I expect
this would be a special build (i.e., require a compile-time flag to
activate).

#3 is easy to do as a simple, naive implementation.  I don't know what
your needs are.  If you just want to say "exit this script if it ran
more than N seconds" you can just modify the eval loop (*).  But I
suspect there are many more features that would be required and it's
not so simple.

As other people have discussed in this thread, the others are very
difficult in total.  No one has volunteered to help lead such a task. 
It would be great if you found a bunch of interested people and were
able to complete all of your ideas.

n
--
(*) here's the naive impl.  You could use cpu time instead of wall
time if you wanted.  Making this a real patch is left as an exercise
to the reader.

Index: Python/ceval.c
===================================================================
--- Python/ceval.c      (revision 43738)
+++ Python/ceval.c      (working copy)
@@ -16,6 +16,8 @@

 #include <ctype.h>

+static time_t stop_time = 0;
+
  #ifndef WITH_TSC

 #define READ_TIMESTAMP(var)
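Review bot: `stop_time` is a single file-scope static, so there is exactly one deadline for the whole process, shared by every frame and every thread, including whatever code ran before the script you actually want to restrict; a per-script limit needs the deadline to be passed in with the call that evaluates the restricted code (or kept in per-thread state) rather than in a global. Also, `time_t` is used here without a visible `#include <time.h>`; if ceval.c only gets it transitively, add the include explicitly next to `<ctype.h>` so the dependency is stated.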
@@ -744,6 +746,9 @@
        assert(stack_pointer != NULL);
        f->f_stacktop = NULL;   /* remains NULL unless yield suspends frame */

+       /* XXX: This is just here to initialize.  It should be elsewhere. */
+       if (!stop_time)
+               stop_time = time(NULL) + 5;
  #ifdef LLTRACE
        lltrace = PyDict_GetItemString(f->f_globals, "__lltrace__") != NULL;
  #endif
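Review bot: the `if (!stop_time)` guard arms the deadline exactly once, at the first frame the interpreter ever evaluates, with a hard-coded `time(NULL) + 5`, and nothing ever clears it. That means the five seconds start counting from interpreter start-up (site import included) rather than from the start of the restricted script, the budget cannot be configured, and a second script run in the same process inherits an already-expired deadline. The XXX comment already flags the placement; the fix is to drop the lazy initialisation here and arm `stop_time` from an explicit setter that takes the allowed seconds as a parameter, called immediately before the restricted code is run and reset to 0 when it returns.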
@@ -842,6 +847,11 @@
                }

        fast_next_opcode:
+               if (stop_time < time(NULL)) {
+                       fprintf(stderr, "Exceeded maximum time allowed.\n");
+                       exit(1);
+               }
+
                f->f_lasti = INSTR_OFFSET();

                /* line-by-line tracing support */
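Review bot: the check at `fast_next_opcode:` calls `time(NULL)` on every opcode dispatch, which puts a clock read on the hottest path in the interpreter for the benefit of a comparison that only needs to be made occasionally; the loop already has a periodic slow path for pending calls and thread switching, and that is where a deadline check belongs so its cost is amortised. Two further problems with the body: `exit(1)` tears the process down from inside the eval loop, skipping Py_Finalize and atexit handlers and giving an embedding application no chance to recover, so a real patch should set an exception and leave through the loop's normal error path instead, letting the caller decide what to do; and because the test only runs between opcodes, a script that is inside a long-running C call (a blocking read, time.sleep, a pathological regex) is not stopped until that call returns, so this bounds Python-level loops only. As the footnote says, `time(NULL)` is wall-clock, so a script that is merely descheduled or blocked is charged the same as one that is spinning; `clock()` or getrusage() would give CPU time.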


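An added example, not part of Neal's post or of the ceval.c patch above: the two limits the post calls feasible (#1, memory; #3, CPU time) can be enforced from Python itself today by running the script in a forked child and letting the kernel do the accounting with setrlimit(2), with alarm(2) as the wall-clock variant the footnote contrasts with CPU time. Because the kernel enforces them, these limits also hold while the script is inside a blocking C call, which a check placed between opcodes cannot. The example assumes Linux (RLIMIT_AS is not enforced on every Unix); `run_limited`, `_child`, `_setrlimit`, the child exit codes and the outcome strings are this example's own conventions, and the snippets it runs are constructed test inputs. It does nothing for #2 and #4 (file system and import restrictions), which it does not attempt.

```python
"""Enforce CPU-time, memory and wall-clock ceilings on an untrusted snippet.

Added example (not from the mailing-list thread or CPython): instead of
patching the eval loop, run the snippet in a forked child and let the
kernel enforce the limits via setrlimit(2) plus alarm(2).  Assumes Linux.
The function names, exit codes and outcome strings are this example's own.
"""
import os
import resource
import signal

# Child exit codes chosen for this example; the parent maps them to outcomes.
EXIT_OK, EXIT_ERROR, EXIT_MEMORY, EXIT_CPU, EXIT_WALL = 0, 1, 2, 3, 4


def _setrlimit(which, soft, hard):
    """setrlimit that never tries to raise an inherited hard limit (EPERM)."""
    _, cur_hard = resource.getrlimit(which)
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(which, (soft, hard))


def _child(code, cpu_seconds, memory_bytes, wall_seconds):
    """Runs in the forked child: arm the limits, then exec the snippet."""
    # CPU time: the soft limit delivers SIGXCPU; the hard limit one second
    # later is a SIGKILL backstop for code stuck inside a long C call, where
    # a Python-level signal handler never gets a chance to run.
    _setrlimit(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)
    signal.signal(signal.SIGXCPU, lambda *_: os._exit(EXIT_CPU))

    # Wall clock: alarm(2) delivers SIGALRM after wall_seconds, which also
    # catches a snippet that sleeps or blocks on I/O without burning CPU.
    signal.signal(signal.SIGALRM, lambda *_: os._exit(EXIT_WALL))
    signal.alarm(wall_seconds)

    # Address space: allocations beyond the cap fail with ENOMEM, which the
    # interpreter surfaces as MemoryError.  The cap must leave room for the
    # interpreter's own baseline virtual size, so keep it generous.
    _setrlimit(resource.RLIMIT_AS, memory_bytes, memory_bytes)

    try:
        exec(code, {})
    except MemoryError:
        os._exit(EXIT_MEMORY)
    except BaseException:
        os._exit(EXIT_ERROR)
    os._exit(EXIT_OK)


def run_limited(code, cpu_seconds=1, memory_bytes=2 << 30, wall_seconds=5):
    """Run `code` under the given limits; return which limit (if any) tripped.

    Limits are per process and inherited by children, so a snippet that
    forks gets a fresh budget in each child; this example does not stop it.
    """
    pid = os.fork()
    if pid == 0:
        try:
            _child(code, cpu_seconds, memory_bytes, wall_seconds)
        finally:
            os._exit(EXIT_ERROR)  # never fall back into the parent's code path
    _, status = os.waitpid(pid, 0)
    if os.WIFEXITED(status):
        return {EXIT_OK: "ok", EXIT_ERROR: "error", EXIT_MEMORY: "memory_limit",
                EXIT_CPU: "cpu_limit", EXIT_WALL: "wall_limit"}.get(
                    os.WEXITSTATUS(status), "error")
    # The child died to a signal, i.e. the Python handler never ran.
    sig = os.WTERMSIG(status)
    if sig in (signal.SIGXCPU, signal.SIGKILL):  # SIGKILL: hard CPU limit hit
        return "cpu_limit"
    if sig == signal.SIGALRM:
        return "wall_limit"
    return "killed:%d" % sig


if __name__ == "__main__":
    # Constructed snippets, one per outcome.
    print(run_limited("x = sum(range(1000))"))
    print(run_limited("1/0"))
    print(run_limited("buf = bytearray(8 << 30)"))
    print(run_limited("while True: pass", cpu_seconds=1, wall_seconds=10))
    print(run_limited("import time; time.sleep(30)", wall_seconds=1))
```

The soft/hard split on RLIMIT_CPU is the important design choice: the soft limit gives the snippet a catchable signal one opcode boundary later, which is the same granularity as the patch, while the hard limit is what actually guarantees termination when the snippet is inside a C call that never returns to the eval loop. The parent only ever reads a wait status, so an untrusted snippet cannot forge an "ok" outcome short of exiting cleanly itself.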