Embedding a restricted python interpreter

Hi,

I would like to embed a python interpreter within a program, but since that
program would be able to automatically download scripts from the internet,
I'd like to run those in a restricted environment, which basically means
that I want to allow only a specific set of modules to be used by the
scripts, so that it wouldn't be possible for them to remove files from the
hard drive, kill processes or do other nasty stuff.
Is there any way to do that with the standard python interpreter?

Jul 18 '05
On Thu, 2005-01-06 at 23:05, Peter Maas wrote:
> Craig Ringer wrote:
>
> It would certainly be difficult to track all harmful code constructs.
> But AFAIK the idea of a sandbox is not to look at the offending code
> but to protect the offended objects: files, databases, URLs, sockets
> etc. and to raise a security exception when some code tries to offend
> them.

That's a good point. I'm not sure it's really all that different in the
end though, because in order to control access to those resources you
have to restrict what the program can do.

It'd probably be valid to implement a restricted mode at CPython level
(in my still-quite-new-to-the-Python/C-API view) by checking at the
"exit points" for important resources such as files, etc. I guess that's
getting into talk of something like the Java sandbox, though - something
Java proved is far from trivial to implement. Of course, CPython is just
a /tad/ smaller than Java ;-) .

Personally, I'd be worried about the amount of time it'd take and the
difficulty of getting it right. One wouldn't want to impart a false
sense of security.

My original point, though, was that I don't think you can use the
standard interpreter to create a restricted environment that will be
both useful and even vaguely secure. I'd be absolutely delighted if
someone could prove me wrong.

> Python is a very well designed language but progress is made by
> criticism not by satisfaction ;)

Heh, I'm hardly complacent... I run into quite enough problems,
especially with embedding and with the C API. Maybe one day I'll have
the knowledge - and the time - to have a chance at tackling them.

I'd love a restricted mode - it'd be great. I'm just not very optimistic
about its practicality.

--
Craig Ringer

Jul 18 '05 #11
Doug Holton <a@b.c> writes on Thu, 06 Jan 2005 20:34:31 -0600:
> ...
> Hi, there is a page on this topic here:
> http://www.python.org/moin/SandboxedPython
>
> The short answer is that it is not possible to do this with the
> CPython, but you can run sandboxed code on other virtual machines,
> such as Java's JVM with Jython, or .NET/Mono's CLR with Boo or
> IronPython.

Zope contains a "restrictedPython" implementation.

It uses a specialized compiler that prevents dangerous bytecode operations
to be generated and enforces a restricted builtin environment.

Jul 18 '05 #12
Dieter Maurer <di****@handshake.de> writes:
> It uses a specialized compiler that prevents dangerous bytecode operations
> to be generated and enforces a restricted builtin environment.

Does it stop the user from generating his own bytecode strings and
demarshalling them?

Jul 18 '05 #13
Paul Rubin <http://ph****@NOSPAM.invalid> writes on 08 Jan 2005 14:56:43 -0800:
> Dieter Maurer <di****@handshake.de> writes:
> > It uses a specialized compiler that prevents dangerous bytecode operations
> > to be generated and enforces a restricted builtin environment.
>
> Does it stop the user from generating his own bytecode strings and
> demarshalling them?

Almost surely, I do not understand you:

In the standard setup, the code has no access to most
of Python's runtime library. Only a few selected modules
are deemed to be safe and can be imported (and used) in
"RestrictedPython". "marshal" or "unmarshal" are not considered safe.
Security Declaration can be used to make more modules importable -- but
then, this is an explicit decision by the application developer.

*If* the framework decided to exchange byte code between
user and interpreter, then there would be no security at
all, because the interpreter is the standard interpreter
and security is built into the compilation process.
Of course, you should not step in *after* the secured step ;-)

Thus, "RestrictedPython" expects that the user sends
Python source code (and not byte code!), it compiles
this source code into byte code that enforces a strict
access and facility policy.
Dieter
Jul 18 '05 #14
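
A sketch of the approach described in the post above (policy applied while compiling source text, a restricted builtin environment, and an import allowlist), written with the standard `ast` module. This is an added example, not RestrictedPython's code and not code posted in the thread; `compile_checked`, `run_checked`, `PolicyChecker`, `guarded_import` and the `ALLOWED_MODULES` policy are assumptions made for illustration, and the checker covers only the constructs named in its comments.

```python
import ast

ALLOWED_MODULES = {"math", "cmath"}  # assumed policy, not from the thread

class PolicyViolation(Exception):
    """Submitted source breaks the compile-time policy."""

def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    # Runtime half: the only __import__ the executed script can reach.
    if level or name.split(".")[0] not in ALLOWED_MODULES:
        raise ImportError(f"import of {name!r} denied by policy")
    return __import__(name, globals, locals, fromlist, level)

SAFE_BUILTINS = {"len": len, "range": range, "__import__": guarded_import}

class PolicyChecker(ast.NodeVisitor):
    # Compile-time half: walk the syntax tree before any bytecode exists.
    def _check_module(self, name, node):
        if name.split(".")[0] not in ALLOWED_MODULES:
            raise PolicyViolation(f"line {node.lineno}: import {name!r}")

    def visit_Import(self, node):
        for alias in node.names:
            self._check_module(alias.name, node)

    def visit_ImportFrom(self, node):
        self._check_module("." * node.level + (node.module or ""), node)

    def visit_Attribute(self, node):
        if node.attr.startswith("_"):
            raise PolicyViolation(f"line {node.lineno}: attribute {node.attr!r}")
        self.generic_visit(node)

    def visit_Name(self, node):
        if node.id.startswith("_"):
            raise PolicyViolation(f"line {node.lineno}: name {node.id!r}")

def compile_checked(source, filename="<script>"):
    # Source text only: the policy lives in this step, so bytes and code objects are refused.
    if not isinstance(source, str):
        raise PolicyViolation("only source text is accepted")
    tree = ast.parse(source, filename)
    PolicyChecker().visit(tree)
    return compile(tree, filename, "exec")

def run_checked(source):
    env = {"__builtins__": SAFE_BUILTINS}
    exec(compile_checked(source), env)
    return env
```

`run_checked` returns the script's global namespace, so the embedding program reads results from it instead of handing the script any of its own objects.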
