[Python-Dev] Restricted interpreter
Fri, 8 Nov 2002 21:19:59 +0100
Gustavo Niemeyer wrote:
> This weekend I'm going to work on a "restricted" python interpreter for
> http://acm.uva.es/problemset/. That site offers online programming
> contests, including an online judge to check algorithm implementations
> for hundreds of problems. I believe it'd be nice for the Python community
> to have access to something like that.
> This interpreter should have limited functionality so that malicious users
> won't be able to access the filesystem, sockets, and other "dangerous"
If I were to seriously do something like this I'd try to use 'jails'
as found in FreeBSD or similar in UserModeLinux (haven't really
checked the latter). They offer kernel-level sandboxes
and if your execution runs within them it can't compromise the
system even if it manages to become the root user.
There is a fine introductory read regarding security granularity and