Restricted Access

I'm developing a webIDE for Python and I've 2 questions regarding it.

1. How can I disable some of the modules without deleting them? E.g. I wish
to disable the "os" module.
2. How can I force user code to access only his particular folder? I
don't want to create users in Unix, e.g.

fp = open(PATH, 'w') # If this PATH is defined then the user can access
files, else he can't .. is there any way?

Regards!
iapain

Jul 10 '06 #1
> 1. How can I disable some of the modules without deleting them? E.g. I wish
> to disable the "os" module.

If you're prepared for the massive breakage that will ensue, you can

chmod go-rwx /usr/lib/python2.3/os.*

(assuming *nix as you later detail).

> 2. How can I force user code to access only his particular folder? I
> don't want to create users in Unix, e.g.

Well, you can create a chroot jail for each user that contains a
clone of your /usr/{lib/python2.3/,bin/,usr/bin/} directories.
You'd have to include any other executables that the user would
need (important stuff like ls, cp, mv, mkdir, rmdir,
cvs/ci/co/rcs/svn, etc.). This would ensure that each user doesn't
access anything that you haven't explicitly copied in to their
jail. Another alternative might just be to copy the python
libraries to some place in the user's homedir (whatever their
original library path was), revoke execute non-user execute privs
from the python executable ("chmod go-x `which python`"), and then
change python to be a script that runs something like "chroot
$HOME/ python $@". Allow per-user access to this script via sudo.

Just a couple ideas you might try.

-tkc

Jul 10 '06 #2
Tim Chase wrote:
> If you're prepared for the massive breakage that will ensue, you can
>
> chmod go-rwx /usr/lib/python2.3/os.*

No, I can't change permission or delete the module, the best would be
something to detect 'import os' in user code .. but if I go with chroot
jail approach then everything will be like what I want. But chroot jail
approach would take much space on webserver, what would happen if number
of users are large.

> Another alternative might just be to copy the python
> libraries to some place in the user's homedir (whatever their
> original library path was), revoke execute non-user execute privs
> from the python executable ("chmod go-x `which python`"), and then
> change python to be a script that runs something like "chroot
> $HOME/ python $@". Allow per-user access to this script via sudo.

It's having the same problem. The idea on which I am working is a
webide (which I already created) and a user file system (on which I am
working now) so that each user can access python globally and files
from his own folder, without adding them in unix user list.

Best!

Jul 10 '06 #3
"iapain" wrote:
> No, I can't change permission or delete the module, the best would be
> something to detect 'import os' in user code ..

trust me, implementing a restricted execution model for Python that actually
works is a *lot* harder than that.

googling for "python restricted execution" might give you some clues.

</F>

Jul 11 '06 #4
> googling for "python restricted execution" might give you some clues.

I've already assumed that there is no rexec for me as I am using python
2.4. Yeah, it's much more difficult than my imagination. Should I go for
alternatives like
1. Assume everyone who is using this webide won't corrupt system
2. Use some tricks to encrypt the user path and do lots of replacement
on user code and o/p.

or something else?

Best!
iapain

Jul 11 '06 #5
"iapain" wrote:
> I've already assumed that there is no rexec for me as I am using python
> 2.4. Yeah, it's much more difficult than my imagination. Should I go for
> alternatives like
> 1. Assume everyone who is using this webide won't corrupt system
> 2. Use some tricks to encrypt the user path and do lots of replacement
> on user code and o/p.
>
> or something else?

unless you're willing to build a restricted runtime that runs on top of the core
interpreter, you should assume that anyone writing a Python script that's executed by
your program has access to everything that your Python process has access to...

</F>

Jul 11 '06 #6
> unless you're willing to build a restricted runtime that runs on top of the core
> interpreter, you should assume that anyone writing a Python script that's executed by
> your program has access to everything that your Python process has access to...

I think using replacements I can ban at least OS module and about files,
either I should ban file open or write my own module something like
rexec, truthfully I don't know if I can write that one or not. I was
thinking that this gonna take few days but looking much more difficult.
Thanks Fred! for nice tutorials on www.

Jul 11 '06 #7
On Tue, 11 Jul 2006 06:21:39 -0700, iapain wrote:
>> unless you're willing to build a restricted runtime that runs on top of the core
>> interpreter, you should assume that anyone writing a Python script that's executed by
>> your program has access to everything that your Python process has access to...
>
> I think using replacements I can ban at least OS module and about files,

How are you planning on banning the module? Are you thinking about using
source code scanning to detect risky code?

What about modules which export os? It's one thing to "ban" os, but
did you remember to ban glob.os? How about site.os? And netrc.os? And and
and and...

What about this line of code?

my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))

Creating a restricted execution environment is *hard*. As far as I know,
even Microsoft has never attempted it. And for all of Sun's resources and
talent, security holes are sometimes found even in Java.

--
Steven

Jul 11 '06 #8
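
An added example, not code from any poster in this thread: a constructed import scanner of the kind iapain proposes, run over the two evasions Steven names (a module re-exported as `glob.os`, and a module name computed at run time). `BANNED`, `static_scan` and the sample snippets are assumptions made for the illustration.

```python
import ast
import glob
import os

BANNED = {"os"}  # assumed deny-list for the illustration


def static_scan(source):
    """Return the banned module names that appear in import statements."""
    hits = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            continue
        for name in names:
            top = name.split(".")[0]
            if top in BANNED:
                hits.add(top)
    return hits


# Constructed user submissions; the last two are the cases from the post above.
SAMPLES = {
    "direct": "import os\n",
    "re-export": "import glob\nm = glob.os\n",
    "computed": "m = __import__(''.join([chr(110+x) for x in [1, 5]]))\n",
}


def scan_all():
    """Scan every sample (parse only, nothing is executed)."""
    return {label: sorted(static_scan(src)) for label, src in SAMPLES.items()}


def computed_name():
    # The string the third sample builds at run time.
    return "".join([chr(110 + x) for x in [1, 5]])


def reexport_is_same_module():
    # glob imports os itself, so glob.os is the very same module object.
    return glob.os is os


if __name__ == "__main__":
    print(scan_all(), computed_name(), reexport_is_same_module())
```

Only the plain `import os` is reported; the other two samples reach the same module without ever writing its name in an import statement.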
> my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))

That's really smart way, yeah I had plan to scan and detect but I think
it's not gonna work.

> Creating a restricted execution environment is *hard*. As far as I know,
> even Microsoft has never attempted it. And for all of Sun's resources and
> talent, security holes are sometimes found even in Java.

Does that mean there is no way to implement restricted environment?

Best!
iapain

Jul 11 '06 #9
iapain wrote:
>> my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))
>
> That's really smart way, yeah I had plan to scan and detect but I think
> it's not gonna work.
>
>> Creating a restricted execution environment is *hard*. As far as I know,
>> even Microsoft has never attempted it. And for all of Sun's resources and
>> talent, security holes are sometimes found even in Java.
>
> Does that mean there is no way to implement restricted environment?

In a nutshell: yes, especially if not designed from ground up that way. If
you need it, the best thing to do is to put some distance between your code
and the possibly malicious one, using some RPC.

Diez
Jul 11 '06 #10
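
An added sketch, not from any poster: one way to put the distance Diez describes between the web application and user code on a POSIX host, by running each submission in a separate interpreter process with an allowlisted environment, CPU and file-size caps, and a wall-clock timeout. `run_user_code`, `ENV_ALLOWLIST` and the limit values are assumptions; the process boundary alone does not confine file access, which still needs an OS-level control such as the chroot jail discussed earlier in the thread.

```python
import os
import resource
import subprocess
import sys
import tempfile

# Only these variables are copied into the child; anything else the web
# application keeps in its environment (keys, DB passwords) stays behind.
ENV_ALLOWLIST = ("PATH", "LD_LIBRARY_PATH", "LANG")


def _cap(kind, value):
    # Lower a resource limit without exceeding the inherited hard limit.
    _, hard = resource.getrlimit(kind)
    limit = value if hard == resource.RLIM_INFINITY else min(value, hard)
    resource.setrlimit(kind, (limit, limit))


def _child_limits():
    # Runs in the child between fork and exec (POSIX only).
    _cap(resource.RLIMIT_CPU, 2)          # seconds of CPU time
    _cap(resource.RLIMIT_FSIZE, 1 << 20)  # largest file it may write: 1 MiB


def run_user_code(source, timeout=5):
    """Run untrusted source in its own interpreter and report the outcome."""
    env = {k: os.environ[k] for k in ENV_ALLOWLIST if k in os.environ}
    with tempfile.TemporaryDirectory() as workdir:
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "-c", source],  # -I: isolated mode
                cwd=workdir, env=env, stdin=subprocess.DEVNULL,
                capture_output=True, text=True,
                timeout=timeout, preexec_fn=_child_limits,
            )
        except subprocess.TimeoutExpired:
            return {"status": "timeout", "stdout": "", "stderr": ""}
    status = "ok" if proc.returncode == 0 else "error"
    return {"status": status, "stdout": proc.stdout, "stderr": proc.stderr}


if __name__ == "__main__":
    print(run_user_code("print(6 * 7)"))
```

The child still runs with the same Unix account as the parent, so in production it would be started under a dedicated low-privilege user inside a jail or container.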
