Restricted Execution of untrusted code

Roy Smith roy at panix.com
Mon Nov 3 03:50:03 CET 2008


In article <87y701obgz.fsf at benfinney.id.au>,
 Ben Finney <bignose+hates-spam at benfinney.id.au> wrote:

> "Emanuele D'Arrigo" <manu3d at gmail.com> writes:
> 
> > On Nov 1, 12:44 am, Lawrence D'Oliveiro wrote:
> > > I think the most reliable solution is to take advantage of a level
> > > in the system that already has to provide protection against
> > > malicious code: use a chroot jail.
> […]
> > 
> > [sigh] That sounds a little overkill for a small application. I guess
> > somebody should come up with a sandbox version of python, that can
> > be executed, say, with a directory provided as a parameter and all
> > the os calls are never made above that level.
> 
> That's exactly what a chroot jail *is*, except you don't need to wait
> for a special version of Python.

What's more, the kernel is in a much better position to understand how a 
pathname maps to a location in the physical file system than any 
application could.  Should Python attempt to understand what it means to 
traverse a symlink?  A mount point?
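The point above can be made concrete. The following is an added example, not code from anyone in the thread: it compares a lexical "is this path under the sandbox directory?" check with one that resolves symlinks first, using a constructed temporary directory layout in which a symlink inside the sandbox points outside it. The function names (`naive_is_inside`, `resolved_is_inside`, `demo`) are my own.

```python
import os
import tempfile


def naive_is_inside(sandbox, path):
    """Lexical check: normalise '..' and compare prefixes, without touching the filesystem.

    This catches '../x' but not a symlink, because abspath never follows links.
    """
    sandbox = os.path.abspath(sandbox)
    candidate = os.path.abspath(os.path.join(sandbox, path))
    return os.path.commonpath([sandbox, candidate]) == sandbox


def resolved_is_inside(sandbox, path):
    """Resolve symlinks on both sides (realpath), then compare prefixes.

    Still cannot see mount points or bind mounts, and is racy (the link can
    change between this check and the later open), which is why the kernel
    is the right place to enforce the boundary.
    """
    sandbox = os.path.realpath(sandbox)
    candidate = os.path.realpath(os.path.join(sandbox, path))
    return os.path.commonpath([sandbox, candidate]) == sandbox


def demo():
    """Build a constructed layout: sandbox/escape -> outside, then run both checks."""
    with tempfile.TemporaryDirectory() as outside, \
            tempfile.TemporaryDirectory() as sandbox:
        # Constructed sample file that lives outside the sandbox.
        secret = os.path.join(outside, "secret.txt")
        with open(secret, "w") as fh:
            fh.write("constructed sample data\n")

        # A symlink inside the sandbox whose target is the outside directory.
        os.symlink(outside, os.path.join(sandbox, "escape"))

        return {
            "plain_naive": naive_is_inside(sandbox, "data.txt"),
            "plain_resolved": resolved_is_inside(sandbox, "data.txt"),
            "dotdot_naive": naive_is_inside(sandbox, "../x"),
            "dotdot_resolved": resolved_is_inside(sandbox, "../x"),
            "symlink_naive": naive_is_inside(sandbox, "escape/secret.txt"),
            "symlink_resolved": resolved_is_inside(sandbox, "escape/secret.txt"),
        }


if __name__ == "__main__":
    for name, inside in demo().items():
        print(f"{name}: {'inside' if inside else 'OUTSIDE'}")
```

The lexical check reports `escape/secret.txt` as inside the sandbox, while the resolving check reports it as outside. Even the resolving variant only covers what `realpath` can see from user space: a mount point or bind mount under the sandbox looks like an ordinary directory to it, and the check-then-open sequence is a time-of-check/time-of-use window. A chroot jail (or an equivalent kernel-enforced boundary) avoids having the application re-derive any of this.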
