[Python-Dev] Re: Whither rexec?

Kevin Jacobs jacobs@penguin.theopalgroup.com
Wed, 8 Jan 2003 09:38:17 -0500 (EST)


On Wed, 8 Jan 2003, A.M. Kuchling wrote:
> Guido van Rossum wrote:
> > See my recent checkins and what I just sent to python-announce (not
> > sure when the moderator will get to it):
> 
> Back in December I reduced the "Restricted Execution" HOWTO
> to a warning not to use rexec.  This morning, perhaps because of Guido's 
> announcement, I've gotten two e-mails from users of the module asking 
> for more details, both sounding a bit desperate for alternatives. 
> Doubtless more rexec users will come out of the woodwork as a result.

This also deeply affects Pl/Python, the embedded Python interpreter in
PostgreSQL.  It runs in a "trusted mode" via a restricted execution
environment.  I'll drop a note to the other developers about this, so we can
figure out what to do.  The simple solution is to simply make Pl/Python an
untrusted language, though I'm sure that won't be popular.

As for fixing the problems in the Python core -- I'm willing to tentatively
volunteer in the effort.  I am certainly not committing to doing it all
myself!  However, I am happy to coordinate, code, manage design docs and
validation suites, and generally keep things going.  Anything more than that
depends on how much help, support, real code, and testing I get from other
volunteers.

My first challenge to python-dev. Answer this:

  It has been said that the previous rexec functionality was ad hoc and
  brittle, and many better solutions are possible.  What better alternatives
  exist in terms of features offered, overall runtime performance, ease of
  maintenance, and validation?

More complete answers should address many, if not all, of the following
subjects:

  Proxy objects              -- making unsafe objects safe(r)
  Restricted environments    -- limiting access to system resources
  Restricted introspection   -- limiting the amount of information
                                obtainable from exposed objects and
                                environment
  Tainting                   -- tracking trusted status of objects
  Security policy management -- Configuration of how security mechanisms are
                                applied

Regards,
-Kevin Jacobs

--
Kevin Jacobs
The OPAL Group - Enterprise Systems Architect
Voice: (216) 986-0710 x 19         E-mail: jacobs@theopalgroup.com
Fax:   (216) 986-0714              WWW:    http://www.theopalgroup.com
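The first two subjects in Kevin's list, proxy objects and restricted introspection, can be sketched as a recursive allow-list proxy. This is an added example, not code from the post or from rexec; `SafeProxy` and `Account` are hypothetical names and the "secrets" are constructed sample values.

```python
# Added example, not code from the original post: a recursive allow-list proxy for
# two subjects listed above, "proxy objects" and "restricted introspection".
# SafeProxy/Account are hypothetical names; the secrets are constructed sample values.
from types import SimpleNamespace

class SafeProxy:
    """Expose only allow-listed, non-underscore attributes of a wrapped object; values
    read or returned through it are wrapped in turn, so callers cannot walk back to the originals."""
    __slots__ = ("_target", "_allowed")  # no instance __dict__ to leak the target

    def __init__(self, target, allowed):
        object.__setattr__(self, "_target", target)
        object.__setattr__(self, "_allowed", frozenset(allowed))

    def __getattr__(self, name):  # only reached for names the proxy itself lacks
        if name.startswith("_") or name not in self._allowed:
            raise AttributeError(f"access to {name!r} is not permitted")
        return _wrap(getattr(self._target, name), self._allowed)

    def __setattr__(self, name, value):  # also stops rebinding _target/_allowed
        raise AttributeError("proxied objects are read-only")

    def __call__(self, *args, **kwargs):  # bound methods: wrap their result too
        return _wrap(self._target(*args, **kwargs), self._allowed)

def _wrap(value, allowed):  # primitives pass through, sequences element-wise, rest proxied
    if type(value) in (int, float, str, bytes, bool, type(None)):
        return value
    if type(value) in (list, tuple):
        return tuple(_wrap(item, allowed) for item in value)
    return SafeProxy(value, allowed)

class Account:  # constructed sample object untrusted code must not see in full
    def __init__(self):
        self.owner, self.balance, self.api_key = "alice", 70, "constructed-sample-key"
        self._ledger = SimpleNamespace(entries=["deposit 100", "withdraw 30"],
                                       _audit_token="constructed-sample-secret")

    def history(self):
        return self._ledger

def demo():
    proxy = SafeProxy(Account(), allowed={"owner", "balance", "history", "entries"})
    blocked = []
    for attempt in ("api_key", "_ledger", "__dict__"):  # each must be refused
        try:
            getattr(proxy, attempt)
        except AttributeError:
            blocked.append(attempt)
    return proxy.owner, proxy.history().entries, tuple(blocked)
```

What the sketch leaves out is exactly the remaining subjects in the list: a single allow-list shared across every object type is no substitute for per-type security policy management, and nothing here tracks taint.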