Restricted Execution on the cheap

David Pokorny davebrok at soda.csua.berkeley.edu
Tue Nov 30 11:24:25 CET 2004


Hi,

Suppose that one wants to set up a machine to accept python code from,
say, arbitrary email, and run it safely. Would the following
(somewhat draconian) precautions be sufficient?
[assume the Python code is in hack.py]

grep exec    hack.py ==> nothing
grep eval    hack.py ==> nothing
etc... for 'import', 'builtin', 'globals','reload'
'compile', 'file', 'open', 'input', 'locals', 'vars'

Furthermore, suppose that along with the daemon that
processes the the email there is in addition a watcher daemon
that kills and restarts the email-python-runner under any of
the following conditions:

stdout > 50 MB
email-python-runner's heap is > 50 MB
email-python-runner gets stuck on a single program for more than 5 minutes

If you're interested in hacking such a device, I'm sorry to disappoint ---
it won't be up for a long time.

Thanks!
David Pokorny





More information about the Python-list mailing list