Secure embedding of Python

Paul Rubin phr-n2001 at nightsong.com
Thu Sep 27 17:14:01 EDT 2001


Take a look at the rexec/Bastion documentation.  It lets you run Python
applets in a secure container.  However, you shouldn't rely on the
interpreter itself being bug free.  It's possible that a sneaky enough
applet can find a way out of the Bastion container and run native code.

So you should make sure that your server that runs the applets is running
as a non-privileged user, in a chroot cage with no access to the rest
of the file system.  If the applet has to access objects containing
secure data, use a remote object scheme to put the secure data in a
separate Unix process communicating with the applet through sockets.

I've written an encryption class that works like that (encryption keys
are generated and saved in a separate process from the caller), which
I'll be posting soon--it might be useful as an example, though the
implementation isn't that great.
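
The separate-process design described in the post, sketched as an added example (it is not part of the original post and is not the encryption class the author mentions). The names `RemoteSigner` and `_key_holder` are hypothetical, HMAC-SHA256 stands in for encryption because the standard library ships no cipher, and it assumes a Unix host; a deployment would also run the key holder under its own uid.

```python
import hashlib
import hmac
import os
import secrets
import socket
import struct


def _key_holder(sock):
    """Runs in the child: the key is created here and never sent anywhere."""
    key = secrets.token_bytes(32)
    while True:
        header = sock.recv(4, socket.MSG_WAITALL)
        if len(header) < 4:
            return  # caller closed the connection
        (length,) = struct.unpack("!I", header)
        if length > 65536:  # constructed limit for this example
            return  # treat the caller as untrusted: drop it, keep the key
        msg = sock.recv(length, socket.MSG_WAITALL)
        if len(msg) < length:
            return
        sock.sendall(hmac.new(key, msg, hashlib.sha256).digest())


class RemoteSigner:
    """Caller-side proxy: holds a socket to the key holder, never the key."""

    def __init__(self):
        self._sock, child_sock = socket.socketpair()
        self._pid = os.fork()  # key is generated after the fork, in the child
        if self._pid == 0:
            self._sock.close()
            try:
                _key_holder(child_sock)
            finally:
                os._exit(0)  # never fall back into the caller's code
        child_sock.close()

    def sign(self, msg: bytes) -> bytes:
        self._sock.sendall(struct.pack("!I", len(msg)) + msg)
        tag = self._sock.recv(32, socket.MSG_WAITALL)
        if len(tag) < 32:
            raise ConnectionError("key holder refused the request or exited")
        return tag

    def close(self):
        self._sock.shutdown(socket.SHUT_RDWR)  # EOF for the child's recv
        self._sock.close()
        os.waitpid(self._pid, 0)
```

Code running in the caller's process, including an applet that escapes its sandbox, can ask for tags over the socket but has no copy of the key in its own address space.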



