Timothy J. Wood
tjw at omnigroup.com
Sat Oct 19 06:59:48 CEST 2002

On Friday, October 18, 2002, at 08:16 PM, Erik Max Francis wrote:
> But how would these security implications be any different from such a
> user downloading and installing _any_ old software on their machine?
> Software is software, if you're downloading, installing, and running
> software on your own machine you have to take some responsibility for

Natively running software has access to full OS services. This would
not. As I said before, I would remove from the Python runtime all
direct OS services that could be security problems and route them
through my own game-specific APIs.

> After all, someone could (by other means) have a compromised system
> where the Python interpreter has been replaced such that innocuous
> scripts turn malicious. That's hardly something you should take into
> account when writing Python software, however.

I'm talking about an embedded interpreter, so the user's normal
Python installation (probably none) is not an issue.

> As I said, if you're looking for some minimal protection, see the rexec
> module. I suspect you're chasing a ghost, though.

I will probably look more at rexec.

But in general terms, you can think of this just like running a Java
applet in a web browser. With a properly implemented web browser and
JVM combination, running Java applets is safe. Likewise, I want to
remove all the direct OS services from Python and hook them up to
services I will provide (which will also disallow insecure operations
and as many DoS attacks as possible).