Restricted Execution of untrusted code
bignose+hates-spam at benfinney.id.au
Mon Nov 3 02:16:28 CET 2008
"Emanuele D'Arrigo" <manu3d at gmail.com> writes:
> On Nov 1, 12:44 am, Lawrence D'Oliveiro wrote:
> > I think the most reliable solution is to take advantage of a level
> > in the system that already has to provide protection against
> > malicious code: use a chroot jail.
> [sigh] That sound a little overkill for a small application. I guess
> somebody should come up with a sandbox version of python, that can
> be executed, say, with a directory provided as a parameter and all
> the os calls are never made above that level.
That's exactly what a chroot jail *is*, except you don't need to wait
for a special version of Python. You don't gain anything with the
appropach you describe that you wouldn't have by setting up a chroot
jail using the existing functionality for that purpose.
\ “You can't have everything; where would you put it?” —Steven |
`\ Wright |
More information about the Python-list