sandboxing python code

Peter Hansen peter at engcorp.com
Tue Jun 3 05:18:03 EDT 2003


"ben at transversal.com" wrote:
> 
> I've recently (6 months or so) been converted to Python, and so have
> become an avid reader of this newsgroup. One thing that has been brought up
> occasionally by other people, but never has really been answered
> satisfactorily is the problem of running untrusted code.
> 
> I have been interested in writing a web based program where some "clients"
> would be able to enter code via a web interface which would then be
> executed on the server machines. Obviously I don't trust this code, so I
> want not only to be able to stop people from importing unwanted libraries,
> but also from writing infinite loops or using up infinite memory. There
> are a couple of ways I can think of doing this:
[snip]
> Thanks for taking the time to read this.

More information about the types of "clients" and the nature of the
application would be helpful.  Are these users authenticated with
a password of some kind?  Is the application going to have some kind
of full access to the computer, or can it be run in its own sandbox?

What would happen if you were to log uploaded code along with the user
who uploaded it and simply blacklist that user if he/she/it abused
the privilege of access to your server?

Also, have you considered what other systems do in such cases?  What
would you do on a Java system to prevent DOS or memory attacks?

I think the answers to these sorts of questions could be quite
instructive in guiding you to an appropriate solution.  Usually the
solution can be less all-encompassing than you might have thought at
first.

-Peter
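As an added example (mine, not Peter's or the original poster's), here is the part of the answer the operating system can enforce: run the submitted code in a separate interpreter under kernel-imposed CPU and memory limits plus a wall-clock timeout, and return a status the server can log against the user who submitted it, which is what the logging-and-blacklisting suggestion above needs. It assumes Linux and CPython; `run_untrusted` and `_apply_limits` are my own names. Filtering imports inside the same interpreter is not a reliable security boundary in CPython, so the example leaves that to the process isolation.

```python
import resource
import signal
import subprocess
import sys

# Assumption: the untrusted code arrives as a string (e.g. from the web form
# the original poster describes) and the server runs CPython on Linux.

def _apply_limits(cpu_seconds, memory_bytes):
    """Runs in the child just before exec, so the kernel enforces the budget."""
    # Soft limit: SIGXCPU after cpu_seconds of CPU time; Python installs no
    # handler, so the child dies. Hard limit: SIGKILL one second later.
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
    # Cap the address space; oversized allocations fail with MemoryError
    # instead of consuming the server's RAM.
    resource.setrlimit(resource.RLIMIT_AS, (memory_bytes, memory_bytes))
    # No core dumps: a killed child must not write its memory to disk.
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))


def run_untrusted(code, cpu_seconds=2, memory_bytes=256 * 1024 * 1024, wall_seconds=5):
    """Run `code` in a fresh interpreter under CPU, memory and wall-clock limits.

    Returns a dict whose "status" is one of "ok", "error", "cpu_limit",
    "memory_limit" or "wall_timeout", for logging against the submitting user.
    """
    # -I: isolated mode (ignore PYTHON* env vars, user site-packages, cwd).
    cmd = [sys.executable, "-I", "-c", code]
    try:
        proc = subprocess.run(
            cmd, capture_output=True, text=True, timeout=wall_seconds,
            preexec_fn=lambda: _apply_limits(cpu_seconds, memory_bytes),
        )
    except subprocess.TimeoutExpired:
        # Sleeping or blocked code burns no CPU time, so the CPU rlimit never
        # fires; only the wall-clock timeout catches it.
        return {"status": "wall_timeout", "stdout": "", "stderr": ""}

    result = {"stdout": proc.stdout, "stderr": proc.stderr, "returncode": proc.returncode}
    if proc.returncode == -signal.SIGXCPU:          # killed by the CPU limit
        result["status"] = "cpu_limit"
    elif proc.returncode != 0 and "MemoryError" in proc.stderr:
        result["status"] = "memory_limit"
    else:
        result["status"] = "ok" if proc.returncode == 0 else "error"
    return result


if __name__ == "__main__":
    # Constructed samples: an infinite loop and a runaway allocation.
    print(run_untrusted("while True: pass", cpu_seconds=1)["status"])  # cpu_limit
    print(run_untrusted("x = bytearray(10**9)")["status"])             # memory_limit
```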
