Restricted Execution of untrusted code

Ben Finney bignose+hates-spam at benfinney.id.au
Mon Nov 3 02:16:28 CET 2008


"Emanuele D'Arrigo" <manu3d at gmail.com> writes:

> On Nov 1, 12:44 am, Lawrence D'Oliveiro wrote:
> > I think the most reliable solution is to take advantage of a level
> > in the system that already has to provide protection against
> > malicious code: use a chroot jail.
[…]
> 
> [sigh] That sound a little overkill for a small application. I guess
> somebody should come up with a sandbox version of python, that can
> be executed, say, with a directory provided as a parameter and all
> the os calls are never made above that level.

That's exactly what a chroot jail *is*, except you don't need to wait
for a special version of Python. You don't gain anything with the
appropach you describe that you wouldn't have by setting up a chroot
jail using the existing functionality for that purpose.

-- 
 \        “You can't have everything; where would you put it?” —Steven |
  `\                                                            Wright |
_o__)                                                                  |
Ben Finney



More information about the Python-list mailing list