Embedding a restricted python interpreter

Peter Maas peter at somewhere.com
Thu Jan 6 16:05:50 CET 2005


Craig Ringer schrieb:
> That is my understanding. In fact, I'd say with Python it's nearly
> impossible given how dynamic everything is and the number of tricks that
> can be used to obfuscate what you're doing. Think of the fun that can be
> had with str.encode / str.decode and getattr/hasattr .

It would certainly be difficult to track all harmful code constructs.
But AFAIK the idea of a sandbox is not to look at the offending code
but to protect the offended objects: files, databases, URLs, sockets
etc. and to raise a security exception when some code tries to offend
them. Jython is as dynamic as C-Python and yet it generates class
files behaving well under the JVM's security regime.

> 
> I looked into this, and my conclusion ended up being "Well, I'm using
> Python because I want it's power and flexibilty. If I want a secure
> scripting environment, I should use something like Lua or Qt Script for
> Applications instead."

It would be good for Python if it would offer a secure mode. Some
time ago I asked my hosting provider whether I could use mod_python
with apache to run Python scripts in the same way as PHP scripts.
He denied that pointing to Python security issues and to PHP safe.
mode. Python IS powerful but there are many areas where it is of
vital interest who is allowed to use its power and what can be done
with it. I think it would be a pity to exclude Python from these
areas where a lot of programming/computing is done.

Python is a very well designed language but progress is made by
criticism not by satisfaction ;)

-- 
-------------------------------------------------------------------
Peter Maas,  M+R Infosysteme,  D-52070 Aachen,  Tel +49-241-93878-0
E-mail 'cGV0ZXIubWFhc0BtcGx1c3IuZGU=\n'.decode('base64')
-------------------------------------------------------------------



More information about the Python-list mailing list