Securing the Pyton Interpreter?
peter at engcorp.com
Tue Jul 15 16:28:14 CEST 2003
Stephen VanDahm wrote:
> I'm looking for a way to install Python on a UNIX machine in a way such
> that any user on the system can use it, but only to execute scripts that
> are located in a certain directory. I do not have root access on the
> machine that will be running Python, so my options are limited. I thought
> about hacking the Python interpreter itself so that it will examine the
> argument array and exit with an error if the script to be executed isn't
> in the appropriate directory, but this seems pretty risky. The module
> 'site.py' is imported automatically upon initialization -- I've thought of
> adding the check there instead. I don't think either of these solutions
> are very elegant. Is there a better way?
You want something this freaky, *and* you want it elegant?! :-)
Anyway, just go with site.py. Judging by the name, it's perfectly suited
for the task.
Of course, you know about the -S option, don't you? And PYTHONPATH?
And PYTHONHOME? And someone installing their own interpreter? And....
More information about the Python-list