[Python-Dev] Restricted interpreter

Gustavo Niemeyer niemeyer@conectiva.com
Fri, 8 Nov 2002 19:06:56 -0200


> If i were to seriously do something like this i'd try to use 'jails' 
> as found in free-bsd or similar in UserModeLinux (haven't really 
> checked the lattter).  They offer kernel-level sandboxes
> and if your execution runs within them it can't compromise the
> system even if its manages to become the root user.

I'm not planning to work on the whole system. I'll just help them
to integrate python in the framework they already have.

Thank you for your suggestion!

> there is a fine introductory read regarding security granularity and
> about jails:
> 
>     http://docs.freebsd.org/44doc/papers/jail/jail.html

I'll have a look at it, as this is an interesting topic nevertheless.

-- 
Gustavo Niemeyer

[ 2AAC 7928 0FBF 0299 5EB5  60E2 2253 B29A 6664 3A0C ]