python sandbox

Uwe Schmitt uwe.schmitt at procoders.net
Sat Jan 25 00:51:05 CET 2003


Levente Sandor <sandorlevi at yahoo.com> wrote:
> Uwe Schmitt <uwe.schmitt at procoders.net> wrote in message news:<b0ougt$111ko7$1 at hades.rz.uni-sb.de>...
>> Hi,
>> 
>> I wrote a simple sandbox for executing pyhton code in a
>> restricted environment.
>> The code can be downloaded from 
>> http://www.procoders.net/download.php?fname=SandBox.py
>> I appreciate any comments. I'm especially interested if
>> my restrictions are secure or if they can be circumvented.
>> 
>> 
>> Greetings, Uwe.

> Are there any advantages of your code versus the rexec module?

It was more some kind of exercise.... 
the concept is quite simple (if it works :-), but many fine grained
restrictions have to be done by the user: my code only restricts 
the acess to objects and their memebers, so if one wants to
allow reading of files, but not writing, one has to wrap this functionality 
in a small class, and pass this class to SandBox.py.  Maybe thats in some 
cases a bit of work, but the concept is quite simple, so that most users
understand what SandBox.py does for them. And: simplicty can lead to higher
security.  (again: if the concept works...).

As it is discussed in another thread, it is not possible to
protect you from code like "while 1:pass".
And protection from high memory consumption can only be done
by catching the Memory exception.
The reason is the "exec" command, which can't be controlled from
outside.

Starting point was a tool for fitting functions to given data,
with the possibility to allow the user to define own functions,
which are not included in math / cmath.

Greetings, Uwe.


-- 
Dr. rer. nat. Uwe Schmitt      Computer science is no more about Computers,
uwe.schmitt at num.uni-sb.de      than astronomy is about telescopes. (Dijkstra)
http://www.procoders.net           




More information about the Python-list mailing list