python sandbox
Uwe Schmitt
uwe.schmitt at procoders.net
Fri Jan 24 18:51:05 EST 2003
Levente Sandor <sandorlevi at yahoo.com> wrote:
> Uwe Schmitt <uwe.schmitt at procoders.net> wrote in message news:<b0ougt$111ko7$1 at hades.rz.uni-sb.de>...
>> Hi,
>>
>> I wrote a simple sandbox for executing pyhton code in a
>> restricted environment.
>> The code can be downloaded from
>> http://www.procoders.net/download.php?fname=SandBox.py
>> I appreciate any comments. I'm especially interested if
>> my restrictions are secure or if they can be circumvented.
>>
>>
>> Greetings, Uwe.
> Are there any advantages of your code versus the rexec module?
It was more some kind of exercise....
the concept is quite simple (if it works :-), but many fine grained
restrictions have to be done by the user: my code only restricts
the acess to objects and their memebers, so if one wants to
allow reading of files, but not writing, one has to wrap this functionality
in a small class, and pass this class to SandBox.py. Maybe thats in some
cases a bit of work, but the concept is quite simple, so that most users
understand what SandBox.py does for them. And: simplicty can lead to higher
security. (again: if the concept works...).
As it is discussed in another thread, it is not possible to
protect you from code like "while 1:pass".
And protection from high memory consumption can only be done
by catching the Memory exception.
The reason is the "exec" command, which can't be controlled from
outside.
Starting point was a tool for fitting functions to given data,
with the possibility to allow the user to define own functions,
which are not included in math / cmath.
Greetings, Uwe.
--
Dr. rer. nat. Uwe Schmitt Computer science is no more about Computers,
uwe.schmitt at num.uni-sb.de than astronomy is about telescopes. (Dijkstra)
http://www.procoders.net
More information about the Python-list
mailing list