[Python-3000] Will we have a true restricted exec environmentfor python-3000?
Adam DePrince
adam.deprince at gmail.com
Mon Apr 10 20:42:38 CEST 2006
On Sun, 2006-04-09 at 18:06 -0700, Neal Norwitz wrote:
> On 4/9/06, Giovanni Bajo <rasky at develer.com> wrote:
> > Neal Norwitz <nnorwitz at gmail.com> wrote:
<snip>
> >>> r.setrlimit(r.RLIMIT_CPU, (5, 5))
> >>> 10000000000000000000**10000000000000000000
> Cputime limit exceeded
>
> To defeat this, you can do: signal.signal(signal.SIGXCPU, signal.SIG_IGN)
> Of course, you would presumably prevent access to the signal module.
> You could then install your own signal handler and handle this how you
> want
> .
Instead of worrying about how to appropriately cripple CPython to
provide a secure sandbox, perhaps we should be reaching towards PyPy for
this answer?
Cheers - Adam
More information about the Python-3000
mailing list