Embedding a restricted python interpreter

Jp Calderone exarkun at divmod.com
Thu Jan 6 10:29:39 EST 2005


On Thu, 06 Jan 2005 16:05:50 +0100, Peter Maas <peter at somewhere.com> wrote:
>Craig Ringer wrote:
> > That is my understanding. In fact, I'd say with Python it's nearly
> > impossible given how dynamic everything is and the number of tricks that
> > can be used to obfuscate what you're doing. Think of the fun that can be
> > had with str.encode / str.decode and getattr/hasattr .
> 
> It would certainly be difficult to track all harmful code constructs.
> But AFAIK the idea of a sandbox is not to look at the offending code
> but to protect the offended objects: files, databases, URLs, sockets
> etc. and to raise a security exception when some code tries to offend
> them. Jython is as dynamic as C-Python and yet it generates class
> files behaving well under the JVM's security regime.
> 
> > 
> > I looked into this, and my conclusion ended up being "Well, I'm using
> > Python because I want its power and flexibility. If I want a secure
> > scripting environment, I should use something like Lua or Qt Script for
> > Applications instead."
> 
> It would be good for Python if it would offer a secure mode. Some
> time ago I asked my hosting provider whether I could use mod_python
> with apache to run Python scripts in the same way as PHP scripts.
> He denied that, pointing to Python security issues and to PHP safe
> mode. Python IS powerful but there are many areas where it is of
> vital interest who is allowed to use its power and what can be done
> with it. I think it would be a pity to exclude Python from these
> areas where a lot of programming/computing is done.

  A Python sandbox would be useful, but the hosting provider's excuse
for not allowing you to use mod_python is completely bogus.  All the 
necessary security tools for that situation are provided by the 
platform in the form of process and user separation.

  Jp
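
Added example, not part of the original message: a sketch of the process and user separation the reply refers to, where each script runs in its own interpreter process under kernel-enforced resource limits and, when the launcher is root, under a separate unprivileged account. The name `run_separated`, the limit values and the uid/gid arguments are assumptions made for illustration.

```python
import os
import resource
import subprocess
import sys

def _apply_limits(cpu_seconds, max_files):
    """Build the hook that runs in the child between fork() and exec()."""
    def hook():
        # Soft limit raises SIGXCPU; the hard limit one second later is SIGKILL.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
        resource.setrlimit(resource.RLIMIT_NOFILE, (max_files, max_files))
        resource.setrlimit(resource.RLIMIT_CORE, (0, 0))
    return hook

def run_separated(source, uid=None, gid=None, cpu_seconds=1, max_files=32):
    """Run `source` in its own interpreter process; return (returncode, stdout).

    Limits are enforced by the kernel on the child, so nothing the script
    does inside Python can lift them.
    """
    identity = {}
    if uid is not None and os.geteuid() == 0:
        # Only root can switch identity. uid/gid are whatever unprivileged
        # account the operator created for this customer (assumption).
        identity = {"user": uid, "group": uid if gid is None else gid,
                    "extra_groups": []}
    # Pass a minimal environment so parent secrets are not inherited.
    env = {k: os.environ[k] for k in ("PATH", "LD_LIBRARY_PATH")
           if k in os.environ}
    proc = subprocess.run(
        [sys.executable, "-I", "-c", source],
        preexec_fn=_apply_limits(cpu_seconds, max_files),
        env=env, cwd="/", stdin=subprocess.DEVNULL,
        capture_output=True, text=True, timeout=60, **identity)
    return proc.returncode, proc.stdout

if __name__ == "__main__":
    print(run_separated("print(2 + 2)"))          # well-behaved script
    print(run_separated("while True: pass"))      # stopped by RLIMIT_CPU
```

The `user`, `group` and `extra_groups` arguments require Python 3.9 or later; file, database and socket access are then governed by the ordinary permissions of that account.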


