[Python-Dev] Re: Whither rexec?

[A.M. Kuchling]

Guido van Rossum wrote:
> See my recent checkins and what I just sent to python-announce (not
> sure when the moderator will get to it):

Back in December I reduced the "Restricted Execution" HOWTO
to a warning not to use rexec.  This morning, perhaps because of Guido's 
announcement, I've gotten two e-mails from users of the module asking 
for more details, both sounding a bit desperate for alternatives. 
Doubtless more rexec users will come out of the woodwork as a result.

I'd like to add some suggested alternatives; any suggestions?  People 
could run untrusted code inside a chroot()'ed jail; are there any 
packages that help with this?

If the application uses Bastion to let untrusted code access various 
Python objects, things get really tough; the only option might be to 
redesign the whole application to expose some socket-based interface to 
those objects, and then run jailed code that can talk to only that 
socket.  (Completely redesigning applications that rely on running
untrusted code is probably a good idea in any event.)

--amk