Embedding a restricted python interpreter

Dieter Maurer dieter at handshake.de
Mon Jan 17 20:11:48 CET 2005


Paul Rubin <http://phr.cx@NOSPAM.invalid> writes on 08 Jan 2005 14:56:43 -0800:
> Dieter Maurer <dieter at handshake.de> writes:
> >   It uses a specialized compiler that prevents dangerous bytecode operations
> >   to be generated and enforces a restricted builtin environment.
> 
> Does it stop the user from generating his own bytecode strings and
> demarshalling them?

Almost surely, I do not understand you:

  In the standard setup, the code has no access to most
  of Python's runtime library. Only a few selected modules
  are deemed to be safe and can be imported (and used) in
  "RestrictedPython". "marshal" or "unmarshal" are not considered safe.
  Security Declaration can be used to make more modules importable -- but
  then, this is an explicite decision by the application developper.

  *If* the framework decided to exchange byte code between
  user and iterpreter, then there would be no security at
  all, because the interpreter is the standard interpreter
  and security is built into the compilation process.
  Of course, you should not step in *after* the secured step ;-)

  Thus, "RestrictedPython" expects that the user sends
  Python source code (and not byte code!), it compiles
  this source code into byte code that enforces a strict
  access and facility policy.


Dieter



More information about the Python-list mailing list