minimum install & pickling
Aaron "Castironpi" Brady
castironpi at gmail.com
Wed Sep 17 07:26:43 CEST 2008
Sometimes questions come up on here about unpickling safely and
executing foreign code. I was thinking a minimum install that didn't
even have access to modules like 'os' could be safe. (Potentially.)
I have time to entertain this a little, though all the devs are busy.
I can bring it up again in a few months if it's a better time.
I browsed for info on 'rexec'. Two c-l-py threads:
A lot of modules would have to go. <Long list> IPC modules:
subprocess, socket, signal, popen2, asyncore, asynchat. ctypes, mmap,
platform.popen, glob, shutil, dircache, and many more</Long>.
I tested it out. I renamed the 'Lib' directory and ran.
'import site' failed; use -v for traceback
Python 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC v.1310 32 bit
Type "help", "copyright", "credits" or "license" for more information.
>>> import os
ImportError: No module named os
>>> import socket
ImportError: No module named socket
>>> del __builtins__.__import__
NameError: name '__import__' is not defined
>>> del __builtins__.open, __builtins__.file
NameError: name 'open' is not defined
NameError: name 'file' is not defined
Even a function created from raw bytecode string can't do anything
without __import__ or 'open'. And you can't get a second instance
running without subprocess or os.system.
'rexec' may be full of swiss cheese and irreparable, but maybe it
would work to start from bare-bones and add pieces known to be safe.
This sort of thing wouldn't need and standard library support either,
I don't think.
More information about the Python-list