sandboxing python code

Jack Diederich jack at performancedrivers.com
Tue Jun 3 09:30:21 EDT 2003


On Tue, Jun 03, 2003 at 09:32:55AM -0000, Moshe Zadka wrote:
> On 3 Jun 2003, ben at transversal.com (ben at transversal.com) wrote:
> 
> > I've recently (6 months or so) been converted to Python, and so have
> > become an avid reader of this newsgroup. One thing that has been brought up
> > occasionally by other people, but never has really been answered
> > satisfactorily is the problem of running untrusted code.
>
> Just like in real life -- if you don't trust someone, don't invite them
> into your house and try to keep an eye on them, it's just too hard. Communicate
> with them by phone, so that their opportunity to harm you is limited. Of
> course, they may shout into your phone, or try to overload your stack
> by sending you malformed objects. But it is much easier to defend against
> these kinds of attacks.

LPC Muds mainly used restricted access (the people who could run code on
your box were invited) to prevent people from DoS'ing the box.  There
was also some stupidity protection, only so many opcodes could be run per-user
per-turn.  Not perfect, but close enough in practice.

This is a hard problem and is best handled by the OS.  If anyone cares to
solve the problem it would go a long way to making distributed computing
and passing around code (think of avatars or even viruses!) easy and common.
If you solve the problem, let me know, I would be a giddy beta tester *wink*.

This would be a killer app for python, it is much easier to dynamically
throw around python than perl or java (lisp would also be good, but is a
non-starter for other reasons).

-jackdied
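
The per-user, per-turn opcode cap described above for LPC MUDs, sketched in Python as an added example (not code from this thread or from any MUD driver). The names `run_with_opcode_budget` and `run_turn` and the sample scripts are assumptions made for illustration; the cap only stops runaway code and provides no isolation.

```python
import sys

class OpcodeBudgetExceeded(Exception):
    """Raised inside guest code once its per-turn instruction budget is spent."""

def run_with_opcode_budget(source, budget):
    """Run `source` in a fresh namespace; return how many bytecode instructions ran."""
    used = 0

    def tracer(frame, event, arg):
        nonlocal used
        if event == "call":
            # Ask the interpreter for one event per bytecode instruction
            # in every frame the guest code creates.
            frame.f_trace = tracer
            frame.f_trace_lines = False
            frame.f_trace_opcodes = True
        elif event == "opcode":
            used += 1
            if used > budget:
                raise OpcodeBudgetExceeded(f"more than {budget} opcodes")
        return tracer

    code = compile(source, "<guest>", "exec")
    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        # Not isolation: the guest still has the full interpreter available.
        # This only bounds how long it can run within one turn.
        exec(code, {})
    finally:
        sys.settrace(previous)
    return used

def run_turn(scripts, budget):
    """scripts: {user: source}. Returns {user: opcodes used, or None if cut off}."""
    results = {}
    for user, source in scripts.items():
        try:
            results[user] = run_with_opcode_budget(source, budget)
        except OpcodeBudgetExceeded:
            results[user] = None
    return results

# Constructed sample input: one well-behaved script, one that never terminates.
SAMPLE_SCRIPTS = {
    "alice": "total = 0\nfor i in (1, 2, 3):\n    total += i\n",
    "mallory": "while True:\n    pass\n",
}
```

Guest code that catches the exception itself escapes the cap, because the interpreter stops tracing once the trace function raises; memory, file and network limits still have to come from the operating system.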




