Embedding a restricted python interpreter


I would like to embed a python interpreter within a program, but since that
program would be able to automatically download scripts from the internet,
I'd like to run those in a restricted environment, which basically means
that I want to allow only a specific set of modules to be used by the
scripts, so that it wouldn't be possible for them to remove files from the
hard drive, kill processes or do other nasty stuff.
Is there any way to do that with the standard python interpreter?

Jul 18 '05
On Thu, 2005-01-06 at 23:05, Peter Maas wrote:
> Craig Ringer wrote:
> It would certainly be difficult to track all harmful code constructs.
> But AFAIK the idea of a sandbox is not to look at the offending code
> but to protect the offended objects: files, databases, URLs, sockets
> etc. and to raise a security exception when some code tries to offend

That's a good point. I'm not sure it's really all that different in the
end though, because in order to control access to those resources you
have to restrict what the program can do.

It'd probably be valid to implement a restricted mode at CPython level
(in my still-quite-new-to-the-Python/C-API view) by checking at the
"exit points" for important resources such as files, etc. I guess that's
getting into talk of something like the Java sandbox, though - something
Java proved is far from trivial to implement. Of course, CPython is just
a /tad/ smaller than Java ;-) .

Personally, I'd be worried about the amount of time it'd take and the
difficulty of getting it right. One wouldn't want to impart a false
sense of security.

My original point, though, was that I don't think you can use the
standard interpreter to create a restricted environment that will be
both useful and even vaguely secure. I'd be absolutely delighted if
someone could prove me wrong.

> Python is a very well designed language but progress is made by
> criticism not by satisfaction ;)

Heh, I'm hardly complacent... I run into quite enough problems,
especially with embedding and with the C API. Maybe one day I'll have
the knowledge - and the time - to have a chance at tackling them.

I'd love a restricted mode - it'd be great. I'm just not very optimistic
about its practicality.

Craig Ringer

Jul 18 '05 #11
Doug Holton <a@b.c> writes on Thu, 06 Jan 2005 20:34:31 -0600:
> Hi, there is a page on this topic here:
>
> The short answer is that it is not possible to do this with the
> CPython, but you can run sandboxed code on other virtual machines,
> such as Java's JVM with Jython, or .NET/Mono's CLR with Boo or

Zope contains a "restrictedPython" implementation.

It uses a specialized compiler that prevents dangerous bytecode operations
to be generated and enforces a restricted builtin environment.
Jul 18 '05 #12
Dieter Maurer <di****@handshake.de> writes:
> It uses a specialized compiler that prevents dangerous bytecode operations
> to be generated and enforces a restricted builtin environment.

Does it stop the user from generating his own bytecode strings and
demarshalling them?
Jul 18 '05 #13
Paul Rubin <http://ph****@NOSPAM.invalid> writes on 08 Jan 2005 14:56:43 -0800:
> Dieter Maurer <di****@handshake.de> writes:
>> It uses a specialized compiler that prevents dangerous bytecode operations
>> to be generated and enforces a restricted builtin environment.
>
> Does it stop the user from generating his own bytecode strings and
> demarshalling them?

Almost surely, I do not understand you:

In the standard setup, the code has no access to most
of Python's runtime library. Only a few selected modules
are deemed to be safe and can be imported (and used) in
"RestrictedPython". "marshal" or "unmarshal" are not considered safe.
Security Declaration can be used to make more modules importable -- but
then, this is an explicit decision by the application developer.

*If* the framework decided to exchange byte code between
user and interpreter, then there would be no security at
all, because the interpreter is the standard interpreter
and security is built into the compilation process.
Of course, you should not step in *after* the secured step ;-)

Thus, "RestrictedPython" expects that the user sends
Python source code (and not byte code!), it compiles
this source code into byte code that enforces a strict
access and facility policy.
Jul 18 '05 #14
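
The design described in post #14 above, as an added sketch that is not part of the thread and is not RestrictedPython's code or API: the policy is applied while compiling source text, builtins are replaced by a small table, and anything that is not source is refused at the entry point. The names `compile_checked`, `run_checked`, `ALLOWED_MODULES` and `SAFE_BUILTINS`, and the particular rules chosen, are assumptions made for illustration and do not amount to a complete policy.

```python
import ast
import builtins

ALLOWED_MODULES = {"math", "string"}   # assumed allow-list of importable modules
SAFE_BUILTINS = ("abs", "len", "min", "max", "range", "sum", "str", "int")

class PolicyError(Exception):
    """Raised when untrusted source violates the policy."""

class _Checker(ast.NodeVisitor):
    """Compile-time policy: allow-listed imports, no underscore names."""
    def visit_Import(self, node):
        for alias in node.names:
            if alias.name.split(".")[0] not in ALLOWED_MODULES:
                raise PolicyError(f"import of {alias.name!r} not allowed")
    def visit_ImportFrom(self, node):
        if node.level or (node.module or "").split(".")[0] not in ALLOWED_MODULES:
            raise PolicyError(f"import from {node.module!r} not allowed")
    def visit_Attribute(self, node):
        if node.attr.startswith("_"):
            raise PolicyError(f"attribute {node.attr!r} not allowed")
        self.generic_visit(node)
    def visit_Name(self, node):
        if node.id.startswith("_"):
            raise PolicyError(f"name {node.id!r} not allowed")

def _guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    # Runtime backstop for the same allow-list the checker enforces.
    if level or name.split(".")[0] not in ALLOWED_MODULES:
        raise PolicyError(f"import of {name!r} not allowed")
    return builtins.__import__(name, globals, locals, fromlist, level)

def compile_checked(source):
    # Source text only: the policy lives in this step, so a ready-made
    # code object or marshalled bytes would reach exec() unchecked.
    if not isinstance(source, str):
        raise TypeError("only Python source text is accepted")
    tree = ast.parse(source, "<untrusted>", "exec")
    _Checker().visit(tree)
    return compile(tree, "<untrusted>", "exec")

def run_checked(source):
    env = {name: getattr(builtins, name) for name in SAFE_BUILTINS}
    env["__import__"] = _guarded_import
    scope = {"__builtins__": env}      # restricted builtin environment
    exec(compile_checked(source), scope)
    del scope["__builtins__"]
    return scope                       # names the script defined
```

The `TypeError` in `compile_checked` is the point made in the post: because the checks run during compilation, the entry point must never accept byte code.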
