[Python-checkins] r54897 - python/branches/bcannon-objcap/BRANCH_NOTES python/branches/bcannon-objcap/secure_python.c
brett.cannon
python-checkins at python.org
Sat Apr 21 01:54:39 CEST 2007
Author: brett.cannon
Date: Sat Apr 21 01:54:38 2007
New Revision: 54897
Added:
python/branches/bcannon-objcap/secure_python.c (contents, props changed)
Modified:
python/branches/bcannon-objcap/BRANCH_NOTES
Log:
Begin a proof-of-concept app that embeds the Python interpreter in a secure
fashion.
Need to move changes made in Py_Initialize() over to the embedded app so that
proper building of Python and all extensions can occur.
Modified: python/branches/bcannon-objcap/BRANCH_NOTES
==============================================================================
--- python/branches/bcannon-objcap/BRANCH_NOTES (original)
+++ python/branches/bcannon-objcap/BRANCH_NOTES Sat Apr 21 01:54:38 2007
@@ -6,12 +6,15 @@
======
Status
======
-Working on an interpreter-wide security model for Python. This is not a
-replacement for rexec but should allow someone who embeds Python to be able to
-execute Python code safely.
+* Create app that embeds Python
+ + Move changes in Py_Initialize() to app.
+* Remove dangerous built-ins.
+* Turn on whitelisting.
+* Write tests.
==========
References
==========
* securing_python.txt
* http://docs.google.com/Doc?id=dg7fctr4_4d8tdbq
+* http://www.cs.ubc.ca/~drifty/papers/python_security.pdf
Added: python/branches/bcannon-objcap/secure_python.c
==============================================================================
--- (empty file)
+++ python/branches/bcannon-objcap/secure_python.c Sat Apr 21 01:54:38 2007
@@ -0,0 +1,17 @@
+/*
+ Proof-of-concept application that embeds Python with security features
+ turned on to prevent unmitigated access to resources.
+
+ XXX See BRANCH_NOTES for what needs to be done.
+*/
+#include "Python.h"
+
+int
+main(int argc, char *argv[])
+{
+ Py_Initialize();
+ Py_Main(argc, argv);
+ Py_Finalize();
+
+ return 0;
+}
More information about the Python-checkins
mailing list