Now that rexec is gone, is there any code or information available on
executing Python in a restricted environment? And before I roll my own
solution, exactly where the security holes in rexec anyway?
(I know one way of getting a restricted environment: butcher the Python
interpreter by removing everything that's even remotely dangerous, use
Python only for restricted execution, and do everything else in a C++
program that embeds the butchered Python interpreter. I'd like to avoid
doing that, for obvious reasons.)
--
Rainer Deyke - ra*****@eldwood .com - http://eldwood.com 13  3790 
"Rainer Deyke" <ra*****@eldwoo d.com> wrote in message
news:XA8db.5972 31$o%2.276974@s ccrnsc02... Now that rexec is gone, is there any code or information available
on executing Python in a restricted environment? And before I roll my
own solution, exactly where the security holes in rexec anyway?
Suggest you google last year of c.l.py for 'rexec'. Also check out
py-dev summaries of last fall for discussion of why removed.
TJR
"Rainer Deyke" <ra*****@eldwoo d.com> writes: Now that rexec is gone, is there any code or information available on
executing Python in a restricted environment?
There was a thread on python-dev about Zope's version of rexec
(RestrictedPyth on?) which looked promising on casual inspection.
Cheers,
mwh
-- It might get my attention if you'd spin around in your chair,
spoke in tongues, and puked jets of green goblin goo.
I can arrange for this. ;-) -- Barry Warsaw & Fred Drake
Rainer Deyke wrote: Now that rexec is gone, is there any code or information available on
executing Python in a restricted environment? And before I roll my own
solution, exactly where the security holes in rexec anyway?
(I know one way of getting a restricted environment: butcher the Python
interpreter by removing everything that's even remotely dangerous, use
Python only for restricted execution, and do everything else in a C++
program that embeds the butchered Python interpreter. I'd like to avoid
doing that, for obvious reasons.)
Actually, such a "butchered" Python interpreter might be a fun and
useful project indeed. You would have to add programmable limits on
resource consumptions -- e.g., memory allocatable by the script[s],
time (CPU or maybe elapsed) usable thereby, etc. And you should rename
everything, say to use Qy instead of Py, so that a normal and a
butchered interpreter could easily be embedded in the same program.
Once the hard work of "butchering " is done, you might in fact quite
easily expose "the butchered interpreter" via an extension module for
Python proper -- no need to do "everything in C++", you'd just have two
separate Pythons, a full-function one and a seriously-hobbled one.
Not *QUITE* as good as running untrusted code in a separate "jail"'d
process, perhaps, but probably the closest you can come to that on
such environments as Windows. Note that the need to add resource
limitations is crucial (and was never addressed by rexec, making it
pretty useless to ward against denial-of-service kinds of attacks!).
Alex
Alex Martelli wrote: Actually, such a "butchered" Python interpreter might be a fun and
useful project indeed. You would have to add programmable limits on
resource consumptions -- e.g., memory allocatable by the script[s],
time (CPU or maybe elapsed) usable thereby, etc. And you should
rename everything, say to use Qy instead of Py, so that a normal and a
butchered interpreter could easily be embedded in the same program.
That might be a useful project, but it also sounds like a lot of work. I
don't think I'll be going that route.
As it turns out, I can solve my security problem in a different way
entirely: by confirming that any Python code I run is from a trusted source.
No need to run untrusted code at all.
--
Rainer Deyke - ra*****@eldwood .com - http://eldwood.com
Terry Reedy wrote: Suggest you google last year of c.l.py for 'rexec'. Also check out
py-dev summaries of last fall for discussion of why removed.
I see... It turns out that, short of modifying the Python interpreter, there
is no way to get real security. '"".__class_ _' gives access to 'str', 'str'
gives access to 'object', and 'object' gives access to 'file'.
--
Rainer Deyke - ra*****@eldwood .com - http://eldwood.com
Rainer Deyke wrote: As it turns out, I can solve my security problem in a different way
entirely: by confirming that any Python code I run is from a trusted
source.
No need to run untrusted code at all.
Yes, that sounds like the most reasonable approach.
--
Erik Max Francis && ma*@alcyone.com && http://www.alcyone.com/max/
__ San Jose, CA, USA && 37 20 N 121 53 W && &tSftDotIotE
/ \ In principle I am against principles.
\__/ Tristan Tzara
In article <Ih************ **********@news 1.tin.it>,
Alex Martelli <al***@aleax.it > wrote:
"Rainer Deyke" <ra*****@eldwoo d.com> writes: Terry Reedy wrote: Suggest you google last year of c.l.py for 'rexec'. Also check out
py-dev summaries of last fall for discussion of why removed.
I see... It turns out that, short of modifying the Python interpreter, there
is no way to get real security. '"".__class_ _' gives access to 'str', 'str'
gives access to 'object', and 'object' gives access to 'file'.
A message-id, or similar, at this point, could save future googlers a
lot of time ...
Rob Hunter wrote: How do I check if a value is a number in Python?
One way is (x == type(1)) and (x == type(1.2)) and (x ==
type(2387482734 274)) and ...
but this seems kludgy. Any better way?
Why do you want to do so? Maybe, it is better in your
case to just run the piece of code using the number, and
if it fails, it fails. However, if you must, you need to
do type(x) is type(1) and ... etc., or isinstance(x, int)
and isinstance(x, float), etc.
Gerrit.
--
Asperger Syndroom - een persoonlijke benadering: http://people.nl.linux.org/~gerrit/
Het zijn tijden om je zelf met politiek te bemoeien: http://www.sp.nl/ This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Colin Coghill (SFive) |
last post by:
Hi, a year or so back some students of mine and I wrote some software
which made use of the rexec module to run untrusted user code relatively
safely. (We were creating a prototype of a mobile-code style app)
I'm now working on another project which will need to be able to
do something similar, and I noticed that rexec and Bastion have been
withdrawn for (in)security reasons.
I've searched fairly hard, and have been unable to find any...
|
by: Huaiyu Zhu |
last post by:
What is the prefered way to eval a string like "('a', 1)"? These strings
are representations of simple objects of type int, str, or dict, tuple or
list made of them. I do not want to use naked eval in case I run the
script on a wrong file that happens to contain Python code.
Previously I used the following
from rexec import RExec
r_eval = RExec().r_eval
|
by: Paul Miller |
last post by:
I came across this recipe on the Python Cookbook site:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/286134
As written, it allows evaluation of either constants or more general
expressions involving constants and operators (but not function
calls).
I haven't thoroughly tested it for security, but it at least passes
the smoke test. Assuming that this can either be demonstrated to be
|
by: Kay Schluehr |
last post by:
Cited from Python-doc ( v.2.3 )
My question about rexec and bastion may be anachronistic but I did not
found much explanation, why rexec and bastion are swiss cheese? It may
be helpfull to resume the problems to learn from them.
Ciao
Kay
|
by: JoeBrain00 |
last post by:
Sorry if this is in the wrong forum, I couldn't find another place for
it...
Does anyone use Visual Integration Studio? (
http://www.crossrhoades.com )
I am attempting to load some Oracle data using SQL*Loader but my
Oracle server is on a UNIX system, so I'd like to telnet or rexec the
sqlloader command to unix and wait for it to complete in my data
integration process.
| | |
by: Mark Fink |
last post by:
Hi there,
I at the moment port a library from Python to Jython (at lease I try to
do so :-))). The library uses the Rexec to form a type adapter to cast
parameters given as text into the according Jython type. I learned
rexec is not available in Jython. Is something that is commonly used in
Jython for such tasks available?
In general: how do I find such information by myself?
Best Regards,
Mark
|
by: Erik Johnson |
last post by:
The documentation for these two modules says that they were disabled in
Python 2.3 due to security holes not easily fixable. I have not worked with
them, but I can still import them under Python 2.4, so I'm not clear on
whether the security problems were fixed in Python itself, or whether the
modules remain deprecated (disabled?)? How are/were they actually disabled?
Any place that documents what the problems are? Any alternatives?
...
|
by: Paul Miller |
last post by:
Bastion and rexec have been deprecated since Python 2.2, so it seems
we (the Python community) have gotten along well enough without them.
Have these modules not been reimplemented because:
a) There are no valid use cases for them.
b) Doing so would be difficult and prone to breakage as new features
are introduced into the language.
c) Nobody has any idea how to do it.
d) Nobody cares.
e) Guido thinks it's a bad idea.
|
by: datactrl |
last post by:
Hi, all
I'd like to execute a remote program in Windows operation system with rexec in PHP. Is there a rexec module PHP instead of using PHP to create a process to run rexec, just like CGI? Or is there any way to speed up it when doing like that? Thank you in advance!
Jack
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it.
First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert into image.
Globals.ThisAddIn.Application.ActiveDocument.Select();...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| | |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |
