embedded python
Stefan Seefeld
seefelds at magellan.umontreal.ca
Fri Aug 4 16:28:28 EDT 2000
Andrew Kuchling wrote:
>
> On Fri, Aug 04, 2000 at 01:34:50PM -0400, Stefan Seefeld wrote:
> >I'm working on the berlin project. What I envision is
> >the possibility to send the server some python script
> >for example as execution block of a command which is
> >being instantiated remotely from within clients.
>
> Does this application have to guard against untrusted code, whether
> inserted by an eavesdropper or from a malicious client? That might be
> hard, since there's no very good way to defend against something like:
>
> while 1: pass
indeed. I don't know how to solve that. While it doesn't make the server
hang, just the thread which serves this client / request, the problem is
just elsewhere: massive CPU load.
But yes, the problem is that we want to allow clients to remotely program
the server (like netscape/js). That's precisely the reason I ask for
advice about how to restrict the context the client code is seeing.
> This will loop forever, making the server hang. There are also some
> recursive comparisons that can cause core dumps through filling up the
> stack.
right. Are there any means by which I can
* limit the stack/ heap size from within the server ?
* guarantee that the interpreter won't core dump
Else I should possibly consider running the interpreter in a coprocess.
But then, how can it efficiently communicate with the server runtime
environment ?
> If you want to embed the interpreter, see the Extending/Embedding
> documentation at http://www.python.org/doc/ext/. Basically you simply
> have to call Py_Initialize() to set up the interpreter, and then you
> can perform Python statements using PyRun_SimpleString(), so you could
> have a bunch of PyRun_SimpleString() calls that do "import berlin;
> color_depth = <whatever> ; ...".
yeah, on this level I understand how to do it. My concerns are more
about security and how to create a very specific environment for the
code to be executed server side.
Regards, Stefan
_______________________________________________________
Stefan Seefeld
Departement de Physique
Universite de Montreal
email: seefelds at magellan.umontreal.ca
_______________________________________________________
...ich hab' noch einen Koffer in Berlin...
More information about the Python-list
mailing list