[Python-3000] Will we have a true restricted exec environment for python-3000?
Chaz.
eprparadocs at gmail.com
Mon Apr 10 13:31:16 CEST 2006
For a rather large application I am writing and will be running for a
commercial service, I ran into the restricted environment problem. I had
looked at the CPython code and concluded it would be a rather large job
to secure it (if I had the time and the intimate understanding). Instead
I opted for a cheap approach: 'chroot' the execution.
To get around the issue of files and directories I need to access, I use
the 'bind' version of mount. This allows me to mount just those specific
subdirectories I need. I mount them r/o (if I need to protect them).
I have thought the approach would work to make a plug-in for Firefox,
though lacking the time and the knowledge has stopped me from experimenting.
I know it won't work directly under Windows, but I know I don't care.
FWIW,
Chuck Wegrzyn
More information about the Python-3000
mailing list