Secure embedding of Python

chris liechti cliechti at no.spam.gmx.net
Thu Sep 27 14:09:11 EDT 2001


tordj at scalado.com (Tord Jansson) wrote in 
news:605d9ec1.0109270117.4bb31eb4 at posting.google.com:

> Hi,
> 
> I'm currently examining the possibility to use Python as the scripting
> language in a future application where an important issue is security.
> Scripts will be produced and run by third parties remotely connected
> to the program and we therefore need to make sure that no python
> scripts are able to crash the system and (more importantly) open up
> security holes and access confidential data. My knowledge in Python is
> currently VERY limited so please excuse me if I ask something silly or
> express myself in strange ways.
> 
> My main idea is as follows:
> 
> 1. Produce my own module (in C) for all allowed functionality where we
> have made a serious security audit against buffer overflows, incorrect
> parameters etc.
> 
> 2. Lock out the use of any other modules. If not possible in any other
> way I can always scan through the script before execution for any
> inclusion of other modules.
> 
> 
> My questions are:
> 
> 1. Will this approach effectively lock out access to file-functions
> etc or are some dangerous functionality built into the interpreter
> itself?

All the functions that are built in are in the module "__builtins__", which 
is imported implicitly at the beginning of every script. You could modify 
this module and remove the "open" function that allows file access.

Note that some modules like "os" and "sys" are statically linked into the 
Python interpreter. You would like to exclude these modules (especially 
because of "os.system"). Some replacement for "sys.exit" and maybe other 
functions of those modules could be useful.
 
> 2. Is some necessary functionality (memory allocation for
> example) placed in modules which I therefore will have to include?

Not that I know of, except some functions and variables provided by "sys", 
e.g. "sys.exit()"; "print" uses "sys.stdout"; maybe others.
 
> 3. Is there any way to access (read and/or write) raw memory in Python
> which might be hard to lock out? Something similar to just giving a
> pointer a value and reading from there in C/C++? Writing outside its
> own array structures?

Never seen such code. It would cause segmentation faults on Linux, and that's 
really not desired.

> I would very much appreciate some expert opinion on these issues
> and/or some pointers to documents describing how to achieve secure
> embedding of Python (I haven't found any).

Have you looked at the module "rexec"? This module provides most of the 
things that you look for. But don't ask me if it's 100% secure.
 
> 
> Best Regards,
> 
> Tord Jansson
> Scalado AB
> 


-- 
chris <cliechti at gmx.net>
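
Added example, not code from the original post and not Python's own rexec
(rexec was disabled in Python 2.3 because it could not be made secure, and
does not exist in Python 3). It runs an untrusted script under a restricted
"__builtins__" in the way the reply sketches: "open" is removed, and
"__import__" is replaced by a hook that only admits an allow-list, so
"import os", "from os import system" and "__import__('os')" all fail.
The second half is the check a practitioner should run before trusting
this: the well-known CPython escape through the object model, which needs no
builtin at all and recovers the "os" module namespace from inside the
sandbox. ALLOWED_MODULES, SAFE_BUILTIN_NAMES, run_script, probe and
escape_reaches_os are this example's own names; the allow-list content is
hypothetical, and the example assumes the host process has "os" loaded, as
any real embedding does.

```python
"""Added example, not code from the original post or from Python's own
rexec: executing an untrusted script under a restricted __builtins__
(drop "open", refuse every import except an allow-list), plus a check of
why this is not a security boundary in CPython.  ALLOWED_MODULES,
SAFE_BUILTIN_NAMES, run_script and the other names are this example's own."""

import builtins
import os  # assumption: the host process has os loaded, as any real embedding does

# Hypothetical allow-list; the original post names no permitted modules.
ALLOWED_MODULES = {"math"}

# Builtins the script keeps.  Everything else is absent, including
# open, eval, exec, compile, getattr, globals and the real __import__.
SAFE_BUILTIN_NAMES = (
    "abs", "all", "any", "bool", "dict", "enumerate", "float", "int", "len",
    "list", "max", "min", "range", "set", "sorted", "str", "sum", "tuple", "zip",
    "Exception", "ValueError", "TypeError", "KeyError", "IndexError",
)


def _restricted_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Replacement for builtins.__import__: allow-listed top-level modules only.
    'import os', 'from os import system' and __import__('os') all end here."""
    top = name.partition(".")[0]
    if level != 0 or top not in ALLOWED_MODULES:
        raise ImportError(f"import of {name!r} is not permitted")
    return builtins.__import__(name, globals, locals, fromlist, level)


def make_restricted_builtins():
    """Build the dict that becomes the script's __builtins__."""
    safe = {n: getattr(builtins, n) for n in SAFE_BUILTIN_NAMES}
    safe["__import__"] = _restricted_import
    return safe


def run_script(source):
    """Execute untrusted source with only the restricted builtins visible.
    Returns the script's global namespace so the host can read results."""
    env = {"__builtins__": make_restricted_builtins()}
    exec(compile(source, "<untrusted>", "exec"), env)
    return env


def probe(source):
    """Return "ok" if the script ran, else the name of the exception it raised."""
    try:
        run_script(source)
        return "ok"
    except Exception as exc:
        return type(exc).__name__


# The well-known CPython escape.  Removing builtins does not remove the
# object model: every value leads to object.__subclasses__(), and the class
# os._wrap_close (defined at module level in os.py) exposes the os module
# globals through __init__.__globals__.  No builtin name is used on any line.
ESCAPE_SCRIPT = """
subs = ().__class__.__base__.__subclasses__()
wrap_close = [c for c in subs if c.__name__ == '_wrap_close'][0]
os_globals = wrap_close.__init__.__globals__
"""


def escape_reaches_os():
    """True when the sandboxed script recovered the real os module namespace."""
    env = run_script(ESCAPE_SCRIPT)
    return env["os_globals"] is vars(os) and "system" in env["os_globals"]


if __name__ == "__main__":
    print(probe("f = open('/etc/passwd')"))          # NameError: open is gone
    print(probe("import os"))                         # ImportError from the hook
    print(probe("import math\nx = math.sqrt(16)"))    # ok
    print(escape_reaches_os())                        # True: the sandbox is porous
```

The first three probes show the builtins approach doing what the reply
describes; the last shows why it stops short of a trust boundary. Untrusted
code that must not read files or run commands needs isolation the interpreter
enforces from outside the script (a separate process under OS-level
sandboxing, or a different interpreter designed for it), not a trimmed
builtins dict.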
