Restricted Execution on the cheap
davebrok at soda.csua.berkeley.edu
Tue Nov 30 11:24:25 CET 2004
Suppose that one wants to set up a machine to accept python code from,
say, arbitrary email, and run it safely. Would the following
(somewhat draconian) precautions be sufficient?
[assume the Python code is in hack.py]
grep exec hack.py ==> nothing
grep eval hack.py ==> nothing
etc... for 'import', 'builtin', 'globals','reload'
'compile', 'file', 'open', 'input', 'locals', 'vars'
Furthermore, suppose that along with the daemon that
processes the email there is in addition a watcher daemon
that kills and restarts the email-python-runner under any of
the following conditions:
stdout > 50 MB
email-python-runner's heap is > 50 MB
email-python-runner gets stuck on a single program for more than 5 minutes
If you're interested in hacking such a device, I'm sorry to disappoint ---
it won't be up for a long time.
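
The precautions listed in the post above, written out as an added example that is not part of the original message: the grep-style word screen followed by the three watcher limits. The names screen and run_watched, the per-program kill (rather than restarting a runner daemon) and the use of RLIMIT_AS to stand in for the heap limit are assumptions of this sketch; it needs a POSIX system.

```python
import os, resource, subprocess, sys, tempfile, time

MB = 1024 * 1024
# Words the post greps for; a hit anywhere in the text rejects the program.
BANNED = ("exec", "eval", "import", "builtin", "globals", "reload",
          "compile", "file", "open", "input", "locals", "vars")

def screen(source):
    """Return the banned words found in source (plain substring match, like grep)."""
    return [word for word in BANNED if word in source]

def _cap_memory(max_bytes):
    # Runs in the child before exec. RLIMIT_AS caps address space, which
    # approximates the post's heap limit (assumption of this sketch).
    def apply():
        _, hard = resource.getrlimit(resource.RLIMIT_AS)
        cap = max_bytes if hard == resource.RLIM_INFINITY else min(max_bytes, hard)
        resource.setrlimit(resource.RLIMIT_AS, (cap, cap))
    return apply

def run_watched(source, max_out=50 * MB, max_mem=50 * MB, max_secs=300):
    """Screen source, then run it under the watcher limits; return (verdict, detail)."""
    hits = screen(source)
    if hits:
        return "rejected", hits
    with tempfile.TemporaryFile() as out:
        proc = subprocess.Popen(
            [sys.executable, "-I", "-c", source],
            stdin=subprocess.DEVNULL, stdout=out, stderr=subprocess.DEVNULL,
            preexec_fn=_cap_memory(max_mem))
        deadline = time.monotonic() + max_secs
        while True:
            rc = proc.poll()
            if os.fstat(out.fileno()).st_size > max_out:
                verdict = "killed: stdout"      # output grew past the cap
            elif rc is not None:
                return "exited", rc             # finished on its own
            elif time.monotonic() > deadline:
                verdict = "killed: time"        # stuck on one program too long
            else:
                time.sleep(0.02)
                continue
            proc.kill()
            proc.wait()
            return verdict, None

if __name__ == "__main__":
    print(run_watched("print(2 + 2)", max_mem=1024 * MB))
```

The screen is a plain substring match, so it also rejects harmless names such as profile; an empty result means only that the listed words are absent from the text.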