securing a python execution environment...
Chris Withers
chris at simplistix.co.uk
Mon Nov 19 08:43:07 EST 2007
Laszlo Nagy wrote:
> Once upon a time, there has been a module called "bastillon" (am I
> right?) and "rexec" (restricted execution environment) but they were not
> really secure. It was a long time ago. Python is very flexible, and
> interpreted and it is hard to prevent the users from importing modules.
Indeed. I think Zope's security proxies solve a lot of the problem as
they are a C extension to python and so can't be circumvented ;-)
> They can do nasty things. For example, open a file and eval() it etc.
Yes, there are plenty of builtins that need to be blocked out and plenty
of things that need to be blocked from being imported, but I know it is
possible ;-)
(see Zope's "Script (Python)" objects, I'm just hoping for a cleaner,
simpler solution...)
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Python-list
mailing list