embedded python

Stefan Seefeld seefelds at magellan.umontreal.ca
Fri Aug 4 16:28:28 EDT 2000 

Andrew Kuchling wrote:
> 
> On Fri, Aug 04, 2000 at 01:34:50PM -0400, Stefan Seefeld wrote:
> >I'm working on the berlin project. What I envision is
> >the possibility to send the server some python script
> >for example as execution block of a command which is
> >being instantiated remotely from within clients.
> 
> Does this application have to guard against untrusted code, whether
> inserted by an eavesdropper or from a malicious client?  That might be
> hard, since there's no very good way to defend against something like:
> 
> while 1: pass

indeed. I don't know how to solve that. While it doesn't make the server
hang, just the thread which serves this client / request, the problem is
just elsewhere: massive CPU load.

But yes, the problem is that we want to allow clients to remotely program
the server (like netscape/js). That's precisely the reason I ask for
advice about how to restrict the context the client code is seeing.

> This will loop forever, making the server hang.  There are also some
> recursive comparisons that can cause core dumps through filling up the
> stack.

right. Are there any means by which I can

* limit the stack/ heap size from within the server ?
* guarantee that the interpreter won't core dump

Else I should possibly consider running the interpreter in a coprocess.
But then, how can it efficiently communicate with the server runtime
environment ?

> If you want to embed the interpreter, see the Extending/Embedding
> documentation at http://www.python.org/doc/ext/.  Basically you simply
> have to call Py_Initialize() to set up the interpreter, and then you
> can perform Python statements using PyRun_SimpleString(), so you could
> have a bunch of PyRun_SimpleString() calls that do "import berlin;
> color_depth = <whatever> ; ...".

yeah, on this level I understand how to do it. My concerns are more
about security and how to create a very specific environment for the
code to be executed server side.

Regards,	Stefan
_______________________________________________________              
              
Stefan Seefeld
Departement de Physique
Universite de Montreal
email: seefelds at magellan.umontreal.ca

_______________________________________________________

      ...ich hab' noch einen Koffer in Berlin...

More information about the Python-list mailing list