[Python-Dev] Restricted interpreter

Chad Netzer cnetzer@mail.arc.nasa.gov
Fri, 8 Nov 2002 12:40:24 -0800


On Friday 08 November 2002 12:04, Gustavo Niemeyer wrote:
> This weekend I'm going to work on a "restricted" python interpreter for
> http://acm.uva.es/problemset/. 

Not that I want to discourage what could possibly be a useful effort; but 
perhaps you would be better off creating a restricted environment under which 
Python is run?

What I mean is, for each run of python, the operating system environment 
would be set up so that everyone is isolated and can't do damage (except to 
their own limited environment).

There are a number of ways to do this under (for example) modern Unix 
systems.  I had considered setting up just such an environment for Python on 
Linux, using "User Mode Linux".  Then, I could make an interactive python 
tutorial on the web, and anyone running it would think they had their own 
separate Linux environment (sockets, files, etc), but would in fact be 
running under a virtual environment that was fully isolated.  They could 
change things, and try them out in the tutorial (with online feedback), and I 
could be assured they weren't abusing my machine (and I could enforce time 
limits, or CPU and memory usage, etc.)

There are other ways of doing it with a virtual machine (using VMware, or 
Bochs, or Plex86).  On FreeBSD you could probably use the 'jail()' call to 
launch your Python interpreter.   There may be other such resources for 
Solaris, or Windows NT (suggestions?)

I mention this because I will almost guarantee it is a LOT less work than 
what you would have to do to make a "restricted" Python (as well as being 
maintained and tested already).  In addition, depending on the machine 
resources and type of virtual environment, it may not be all that much more 
resource intensive.

-- 

Chad Netzer
cnetzer@mail.arc.nasa.gov
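
The time, CPU and memory limits mentioned in the message above, as an added example (not part of the original post and not code from either poster): a supervisor that runs each submission in a child interpreter under POSIX rlimits plus a wall-clock timeout. It assumes Linux; `run_limited` and the budget values are hypothetical, and it covers only resource limits, not the filesystem and network isolation that User Mode Linux or a jail supplies.

```python
import resource
import subprocess
import sys
import tempfile

# Assumed budgets for one submission; tune per deployment.
CPU_SECONDS = 1
MEMORY_BYTES = 512 << 20
WALL_SECONDS = 3


def _cap(kind, value):
    # An unprivileged process cannot raise a hard limit, so clamp to it.
    hard = resource.getrlimit(kind)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))


def _apply_limits():
    # Runs in the child between fork() and exec(): the limits bind the
    # untrusted interpreter, never the supervising process.
    _cap(resource.RLIMIT_CPU, CPU_SECONDS)
    _cap(resource.RLIMIT_AS, MEMORY_BYTES)


def run_limited(source):
    """Run source in a fresh interpreter; return (verdict, stdout, stderr)."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "-c", source],
                cwd=scratch, stdin=subprocess.DEVNULL,
                capture_output=True, text=True,
                timeout=WALL_SECONDS, preexec_fn=_apply_limits,
            )
        except subprocess.TimeoutExpired:
            return ("wall-timeout", "", "")
    if proc.returncode < 0:
        verdict = "killed-by-signal-%d" % -proc.returncode
    elif proc.returncode != 0:
        verdict = "error"
    else:
        verdict = "ok"
    return (verdict, proc.stdout, proc.stderr)


if __name__ == "__main__":
    for src in ("print(6 * 7)", "while True: pass", "bytearray(1 << 30)"):
        print(repr(src), "->", run_limited(src)[0])
```

The CPU limit catches busy loops and the wall-clock timeout catches code that sleeps or blocks, so both are needed; an over-limit allocation surfaces as a `MemoryError` inside the child rather than as pressure on the host.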