Secure embedding of Python

Tord Jansson tordj at scalado.com
Thu Sep 27 05:17:43 EDT 2001


Hi,

I'm currently examining the possibility of using Python as the scripting
language in a future application where an important issue is security.
Scripts will be produced and run by third parties remotely connected
to the program and we therefore need to make sure that no Python
scripts are able to crash the system and (more importantly) open up
security holes and access confidential data. My knowledge of Python is
currently VERY limited so please excuse me if I ask something silly or
express myself in strange ways.

My main idea is as follows:

1. Produce my own module (in C) for all allowed functionality where we
have made a serious security audit against buffer overflows, incorrect
parameters etc.

2. Lock out the use of any other modules. If not possible in any other
way I can always scan through the script before execution for any
inclusion of other modules.


My questions are:

1. Will this approach effectively lock out access to file-functions
etc or is some dangerous functionality built into the interpreter
itself?

2. Is some necessary functionality (memory allocation for
example) placed in modules which I therefore will have to include?

3. Is there any way to access (read and/or write) raw memory in Python
which might be hard to lock out? Something similar to just giving a
pointer a value and reading from there in C/C++? Writing outside its
own array structures?


I would very much appreciate some expert opinion on these issues
and/or some pointers to documents describing how to achieve secure
embedding of Python (I haven't found any).


Best Regards,

Tord Jansson
Scalado AB
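
The pre-execution scan from step 2 of the plan above, as an added example that is not part of the original post, written with the `ast` module of current Python 3. The module name `hostapi` (standing in for the audited C module) and the `RISKY_BUILTINS` list are assumptions made for illustration; the scan also reports builtins that reach files or modules without any import statement, and it is a pre-filter in front of a restricted interpreter, not a sandbox by itself.

```python
import ast

# Builtins that reach modules, files or dynamic code with no import statement.
# Illustrative list (assumption), not a complete inventory.
RISKY_BUILTINS = {"__import__", "open", "eval", "exec", "compile", "getattr"}


def scan_script(source, allowed_modules=frozenset({"hostapi"})):
    """Return sorted (line, reason) findings for an untrusted script.

    `hostapi` is a hypothetical name for the audited module from step 1.
    An empty list means the static scan found nothing to reject.
    """
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [(exc.lineno or 0, "syntax error: script rejected")]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] not in allowed_modules:
                    findings.append((node.lineno, "import of " + alias.name))
        elif isinstance(node, ast.ImportFrom):
            module = node.module or ""
            # Relative imports (level > 0) are rejected outright.
            if node.level or module.split(".")[0] not in allowed_modules:
                findings.append((node.lineno, "import from " + (module or ".")))
        elif isinstance(node, ast.Name) and node.id in RISKY_BUILTINS:
            findings.append((node.lineno, "use of builtin " + node.id))
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            # Heuristic: dunder attributes expose interpreter internals.
            findings.append((node.lineno, "dunder attribute " + node.attr))
    return sorted(findings)


# Constructed sample script: one allowed import, the rest should be flagged.
SAMPLE = '''\
import hostapi
import os
from socket import socket
hostapi.draw(1, 2)
data = open("notes.txt").read()
mod = __import__("o" + "s")
'''

if __name__ == "__main__":
    for line, reason in scan_script(SAMPLE):
        print(line, reason)
```

Line 6 of the sample contains no `import` statement and no literal module name, which is why the scan walks the syntax tree for risky names instead of searching the script text for `import`.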