Secure Python

Steve Holden steve at
Fri Nov 17 16:08:35 CET 2006

Hendrik van Rooyen wrote:
> "Stephan Kuhagen" <nospam at domain.tld> wrote:
>> The problem with linux kernel limits are, that they won't work really good
>> on MacOSX and Windows... OTOH the idea is the right one, but the effect can
>> be achieved inside of Python. Since Python does byte compile the code and
>> the interpreter evaluates each byte code token in one evaluation step. The
>> interpreter could be extended for such usecases to count and limit the
>> number of evaluation steps allowed for untrusted script or methods in
>> untrusted script as well as to limit the recursion depth or memory to be
>> allocated. All those limits are managed by the interpreter for script code
>> and hence can be limited for untrusted code by the interpreter. This also
>> does not really make DoS impossible (what about C extensions? - maybe
>> restricting "import"?). - As I said before in this thread, making a sandbox
>> really secure is a hard job, and may need some serious changes in the
>> Python interpreter, but AFAIK from Tcl, it is possible - and would be nice
>> to have.
> I seem to recall previous discussion on this group about a thing called the
> bastion module,
> and that it was deprecated.  Not sure if it has any relevance.
Anyone with an interest in secure Python should take a look at what 
Brett Cannon is doing in his postgraduate work. There have been some 
discussions on the python-dev list.

Steve Holden       +44 150 684 7255  +1 800 494 3119
Holden Web LLC/Ltd
Skype: holdenweb
Recent Ramblings

More information about the Python-list mailing list