Securing the Pyton Interpreter?

Peter Hansen peter at engcorp.com
Tue Jul 15 16:28:14 CEST 2003


Stephen VanDahm wrote:
> 
> I'm looking for a way to install Python on a UNIX machine in a way such
> that any user on the system can use it, but only to execute scripts that
> are located in a certain directory.  I do not have root access on the
> machine that will be running Python, so my options are limited.  I thought
> about hacking the Python interpreter itself so that it will examine the
> argument array and exit with an error if the script to be executed isn't
> in the appropriate directory, but this seems pretty risky.  The module
> 'site.py' is imported automatically upon initialization -- I've thought of
> adding the check there instead.  I don't think either of these solutions
> are very elegant.  Is there a better way?

You want something this freaky, *and* you want it elegant?! :-)

Anyway, just go with site.py.  Judging by the name, it's perfectly suited
for the task.

Of course, you know about the -S option, don't you?  And PYTHONPATH?
And PYTHONHOME?  And someone installing their own interpreter? And....

-Peter




More information about the Python-list mailing list