[Python-3000] Will we have a true restricted exec environment for python-3000?

Neal Norwitz nnorwitz at gmail.com
Mon Apr 10 03:06:48 CEST 2006


On 4/9/06, Giovanni Bajo <rasky at develer.com> wrote:
> Neal Norwitz <nnorwitz at gmail.com> wrote:
>
> > #3 is easy to do a simple, naive implementation.  I don't know what
> > your needs are. If you just want to say "exit this script if it ran
> > more than N seconds" you can just modify the eval loop (*).  But I
> > suspect there are many more features that would be required and it's
> > not so simple.
>
> Yeah. I think of rexec as a way to safely eval expressions / exec statements
> provided by users without the risk of DOSing the machine executing them. And
> your solution doesn't handle things like
> 10000000000000000000**10000000000000000000.

Right, that's my point and was discussed elsewhere in this thread. 
Though this issue is also easy to solve on most Unixes and can be done
today in pure Python:

>>> import resource as r
>>> r.setrlimit(r.RLIMIT_CPU, (5, 5))
>>> 10000000000000000000**10000000000000000000
Cputime limit exceeded

To defeat this, you can do:  signal.signal(signal.SIGXCPU, signal.SIG_IGN)
Of course, you would presumably prevent access to the signal module. 
You could then install your own signal handler and handle this how you
want.

There are so many variations on this.  I don't know what a general
purpose solution would look like.  I can imagine many specific
solutions.  If anyone wants something like this implemented, patches
are always greatly appreciated.  Unless someone puts effort into
solving this, it won't get done.  The only people in a position to
solve this are people with a need.

n
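
An added example, not part of the original message or of CPython: the same RLIMIT_CPU limit applied to a child interpreter, with a hard limit above the soft one so that code which ignores SIGXCPU is still stopped. It assumes Linux, where reaching the hard limit delivers SIGKILL; run_limited, SPINS and IGNORES_SIGXCPU are names made up here.

```python
import resource
import signal
import subprocess
import sys

# Constructed stand-in for untrusted code: it ignores SIGXCPU, as in the
# message above, and then spins forever.
IGNORES_SIGXCPU = (
    "import signal\n"
    "signal.signal(signal.SIGXCPU, signal.SIG_IGN)\n"
    "while True:\n"
    "    pass\n"
)
SPINS = "while True:\n    pass\n"  # constructed: same loop, default SIGXCPU action


def run_limited(source, soft=1, hard=2, wall=30):
    """Run `source` in a child interpreter under RLIMIT_CPU (soft, hard).

    Returns the child's return code; -N means it was terminated by signal N.
    Assumption: Linux semantics, where the hard limit delivers SIGKILL.
    """
    def set_limits():
        # Runs in the child between fork() and exec(). An ignored signal
        # disposition survives exec, so reset SIGXCPU to its default first.
        signal.signal(signal.SIGXCPU, signal.SIG_DFL)
        # An unprivileged process can lower its hard limit but not raise it.
        resource.setrlimit(resource.RLIMIT_CPU, (soft, hard))

    proc = subprocess.run(
        [sys.executable, "-I", "-c", source],
        preexec_fn=set_limits,
        stdin=subprocess.DEVNULL,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        timeout=wall,  # wall-clock backstop: RLIMIT_CPU ignores time spent asleep
    )
    return proc.returncode


if __name__ == "__main__":
    for name, src in [("spins", SPINS), ("ignores SIGXCPU", IGNORES_SIGXCPU)]:
        rc = run_limited(src)
        sig = signal.Signals(-rc).name if rc < 0 else "none"
        print(f"{name}: returncode={rc} signal={sig}")
```

The limit is set in the child only, so the supervising process keeps its own CPU budget and can report which signal ended the run.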

