Now that rexec is gone...

Now that rexec is gone, is there any code or information available on
executing Python in a restricted environment? And before I roll my own
solution, exactly where are the security holes in rexec anyway?

(I know one way of getting a restricted environment: butcher the Python
interpreter by removing everything that's even remotely dangerous, use
Python only for restricted execution, and do everything else in a C++
program that embeds the butchered Python interpreter. I'd like to avoid
doing that, for obvious reasons.)
--
Rainer Deyke - ra*****@eldwood.com - http://eldwood.com

Jul 18 '05 #1

"Rainer Deyke" <ra*****@eldwood.com> wrote in message
news:XA8db.597231$o%2.276974@sccrnsc02...
> Now that rexec is gone, is there any code or information available on
> executing Python in a restricted environment? And before I roll my own
> solution, exactly where are the security holes in rexec anyway?


Suggest you google last year of c.l.py for 'rexec'. Also check out
py-dev summaries of last fall for discussion of why removed.

TJR
Jul 18 '05 #2
"Rainer Deyke" <ra*****@eldwood.com> writes:
> Now that rexec is gone, is there any code or information available on
> executing Python in a restricted environment?

There was a thread on python-dev about Zope's version of rexec
(RestrictedPython?) which looked promising on casual inspection.

Cheers,
mwh

-- It might get my attention if you'd spin around in your chair,
spoke in tongues, and puked jets of green goblin goo.

I can arrange for this. ;-) -- Barry Warsaw & Fred Drake
Jul 18 '05 #3
Rainer Deyke wrote:
> Now that rexec is gone, is there any code or information available on
> executing Python in a restricted environment? And before I roll my own
> solution, exactly where are the security holes in rexec anyway?
>
> (I know one way of getting a restricted environment: butcher the Python
> interpreter by removing everything that's even remotely dangerous, use
> Python only for restricted execution, and do everything else in a C++
> program that embeds the butchered Python interpreter. I'd like to avoid
> doing that, for obvious reasons.)


Actually, such a "butchered" Python interpreter might be a fun and
useful project indeed. You would have to add programmable limits on
resource consumptions -- e.g., memory allocatable by the script[s],
time (CPU or maybe elapsed) usable thereby, etc. And you should rename
everything, say to use Qy instead of Py, so that a normal and a
butchered interpreter could easily be embedded in the same program.

Once the hard work of "butchering" is done, you might in fact quite
easily expose "the butchered interpreter" via an extension module for
Python proper -- no need to do "everything in C++", you'd just have two
separate Pythons, a full-function one and a seriously-hobbled one.

Not *QUITE* as good as running untrusted code in a separate "jail"'d
process, perhaps, but probably the closest you can come to that on
such environments as Windows. Note that the need to add resource
limitations is crucial (and was never addressed by rexec, making it
pretty useless to ward against denial-of-service kinds of attacks!).
Alex

Jul 18 '05 #4
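
The separate-process approach with the resource limits Alex calls crucial, as an added example that is not part of the original thread. It assumes a POSIX system (the `resource` module does not exist on Windows); `run_limited` and its parameters are hypothetical names, and it caps only CPU, memory and elapsed time, not filesystem or network access.

```python
import resource
import subprocess
import sys


def _cap(kind, soft, hard):
    """Lower one rlimit, never asking for more than the inherited hard limit."""
    _, cur_hard = resource.getrlimit(kind)
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(kind, (soft, hard))


def run_limited(source, cpu_seconds=1, mem_bytes=512 * 1024 * 1024, wall_seconds=10):
    """Run `source` in a fresh interpreter with CPU and address-space caps.

    Returns (returncode, stdout, stderr). A negative returncode means the
    child was killed by a signal, e.g. SIGXCPU once the CPU cap is reached.
    """
    def apply_limits():  # runs in the child, between fork() and exec()
        _cap(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)
        _cap(resource.RLIMIT_AS, mem_bytes, mem_bytes)

    proc = subprocess.run(
        [sys.executable, "-I", "-c", source],  # -I: ignore env vars and user site
        preexec_fn=apply_limits,
        capture_output=True,
        text=True,
        timeout=wall_seconds,  # elapsed-time cap, enforced by the parent
    )
    return proc.returncode, proc.stdout, proc.stderr


if __name__ == "__main__":
    # Constructed sample scripts: one benign, one CPU hog, one memory hog.
    for label, src in [
        ("benign", "print(2 + 2)"),
        ("cpu hog", "while True: pass"),
        ("memory hog", "x = bytearray(1 << 30)"),
    ]:
        rc, out, err = run_limited(src)
        print(label, rc, out.strip(), err.strip().splitlines()[-1:])
```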
Alex Martelli wrote:
> Actually, such a "butchered" Python interpreter might be a fun and
> useful project indeed. You would have to add programmable limits on
> resource consumptions -- e.g., memory allocatable by the script[s],
> time (CPU or maybe elapsed) usable thereby, etc. And you should
> rename everything, say to use Qy instead of Py, so that a normal and a
> butchered interpreter could easily be embedded in the same program.


That might be a useful project, but it also sounds like a lot of work. I
don't think I'll be going that route.

As it turns out, I can solve my security problem in a different way
entirely: by confirming that any Python code I run is from a trusted source.
No need to run untrusted code at all.
--
Rainer Deyke - ra*****@eldwood.com - http://eldwood.com
Jul 18 '05 #5
Terry Reedy wrote:
> Suggest you google last year of c.l.py for 'rexec'. Also check out
> py-dev summaries of last fall for discussion of why removed.


I see... It turns out that, short of modifying the Python interpreter, there
is no way to get real security. '"".__class__' gives access to 'str', 'str'
gives access to 'object', and 'object' gives access to 'file'.
--
Rainer Deyke - ra*****@eldwood.com - http://eldwood.com
Jul 18 '05 #6
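
The chain Rainer describes, checked on a current Python 3 interpreter (an added example, not part of the original thread; `probe_restricted_namespace` is a hypothetical name). Python 3 has no built-in `file` type, so the probe stops at showing that `object` and its subclass list stay reachable with an empty `__builtins__`, which is why stripping names from the namespace is not a security boundary.

```python
def probe_restricted_namespace():
    """Evaluate the thread's introspection chain with __builtins__ emptied
    and report what the "restricted" code can still reach."""
    restricted = {"__builtins__": {}}  # no open(), no __import__, no type()

    def blocked(name):
        # A plain name lookup of a removed builtin fails, as intended.
        try:
            eval(name, dict(restricted))
        except NameError:
            return True
        return False

    # Attribute access on a literal needs no names at all.
    str_type = eval('"".__class__', dict(restricted))
    base = eval('"".__class__.__base__', dict(restricted))
    subclasses = eval('"".__class__.__base__.__subclasses__()', dict(restricted))
    return {
        "open_blocked": blocked("open"),
        "import_blocked": blocked("__import__"),
        "reached_str": str_type is str,
        "reached_object": base is object,
        "classes_reachable": len(subclasses),
        "type_reachable": type in subclasses,
    }


if __name__ == "__main__":
    for key, value in probe_restricted_namespace().items():
        print(f"{key}: {value}")
```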
Rainer Deyke wrote:
> As it turns out, I can solve my security problem in a different way
> entirely: by confirming that any Python code I run is from a trusted
> source.
> No need to run untrusted code at all.


Yes, that sounds like the most reasonable approach.

--
Erik Max Francis && ma*@alcyone.com && http://www.alcyone.com/max/
__ San Jose, CA, USA && 37 20 N 121 53 W && &tSftDotIotE
/ \ In principle I am against principles.
\__/ Tristan Tzara
Jul 18 '05 #7
In article <Ih**********************@news1.tin.it>,
Alex Martelli <al***@aleax.it> wrote:
Jul 18 '05 #8
"Rainer Deyke" <ra*****@eldwood.com> writes:
> Terry Reedy wrote:
> > Suggest you google last year of c.l.py for 'rexec'. Also check out
> > py-dev summaries of last fall for discussion of why removed.
>
> I see... It turns out that, short of modifying the Python interpreter, there
> is no way to get real security. '"".__class__' gives access to 'str', 'str'
> gives access to 'object', and 'object' gives access to 'file'.


A message-id, or similar, at this point, could save future googlers a
lot of time ...
Jul 18 '05 #9
Rob Hunter wrote:
> How do I check if a value is a number in Python?
>
> One way is (x == type(1)) and (x == type(1.2)) and (x ==
> type(2387482734274)) and ...
>
> but this seems kludgy. Any better way?


Why do you want to do so? Maybe, it is better in your
case to just run the piece of code using the number, and
if it fails, it fails. However, if you must, you need to
do type(x) is type(1) and ... etc., or isinstance(x, int)
and isinstance(x, float), etc.

Gerrit.

--
Asperger Syndrome - a personal approach:
http://people.nl.linux.org/~gerrit/
These are times to get involved in politics yourself:
http://www.sp.nl/

Jul 18 '05 #10
First, whatever test you use, you should probably encapsulate it in a
function, so that if you need to update the definition you can do it at
one site instead of many:

    def isnumeric(x):
        return isinstance(x, (int, long, float))

You could have a registry of numeric types:

    _numeric_types = ()

    def register_numeric_type(t):
        global _numeric_types
        if t in _numeric_types:
            return
        _numeric_types += (t,)

    # register the built-in int, float, long and complex types
    for value in (0, 0., 0l, 0j):
        register_numeric_type(type(value))

    def isnumeric(x):
        return isinstance(x, _numeric_types)

Now, if someone wants to write a vector type, it merely needs to be
registered.

You could test that common numeric operations work:

    def isnumeric(x):
        try:
            if x*1 == x and x+0 == x:
                return 1
        except TypeError:
            pass
        return 0

You could just run your code and let the eventual TypeError speak for
itself. Instead of

    def f(x):
        if not isnumeric(x): raise TypeError, "can't f() a %s" % type(x)
        return x*x

just write

    def f2(x):
        return x*x

The difference in the quality of the error message is not large:

    >>> f("")
    Traceback (most recent call last):
      File "<stdin>", line 1, in ?
      File "<stdin>", line 2, in f
    TypeError: can't f() a <type 'str'>
    >>> f2("")
    Traceback (most recent call last):
      File "<stdin>", line 1, in ?
      File "<stdin>", line 2, in f2
    TypeError: unsupported operand type(s) for *: 'str' and 'str'

Jeff

Jul 18 '05 #11
> > How do I check if a value is a number in Python?

> > One way is (x == type(1)) and (x == type(1.2)) and (x ==
> > type(2387482734274)) and ...
>
> Why do you want to do so? Maybe, it is better in your
> case to just run the piece of code using the number, and
> if it fails, it fails. However, if you must, you need to
> do type(x) is type(1) and ... etc., or isinstance(x, int)
> and isinstance(x, float), etc.


I used to use the latter approach suggested by Gerrit, but I recently
found on the web an alternative, elegant approach that might work
(sorry, I don't recall where I found it!):

hasattr(x, '__int__')

If the "__int__" method is defined for "x", it is a number. This will
work for integer, long, float and complex types, as well as for custom
classes that emulate numeric types.

Regards,
JSeb
Jul 18 '05 #12
Jean-Sébastien Bolduc wrote:
> I used to use the latter approach suggested by Gerrit, but I recently
> found on the web an alternative, elegant approach that might work
> (sorry, I don't recall where I found it!):
>
> hasattr(x, '__int__')
>
> If the "__int__" method is defined for "x", it is a number. This will
> work for integer, long, float and complex types, as well as for custom
> classes that emulate numeric types.


This is an insidiously bad idea, in my opinion. All having an __int__
method means is there is some _conversion_ from an instance to an int
type. It does not at all mean the custom instance spends most of its
life behaving as an integer.

--
Erik Max Francis && ma*@alcyone.com && http://www.alcyone.com/max/
__ San Jose, CA, USA && 37 20 N 121 53 W && &tSftDotIotE
/ \ We grow in time to trust the future for our answers.
\__/ Ruth Benedict
Jul 18 '05 #13
In article <3F***************@alcyone.com>,
Erik Max Francis <ma*@alcyone.com> wrote:
> Jean-Sébastien Bolduc wrote:
> > If the "__int__" method is defined for "x", it is a number. This will
> > work for integer, long, float and complex types, as well as for custom
> > classes that emulate numeric types.
>
> This is an insidiously bad idea, in my opinion. All having an __int__
> method means is there is some _conversion_ from an instance to an int
> type. It does not at all mean the custom instance spends most of its
> life behaving as an integer.


Yup. There's been some talk of adding an __index__() method or
something to deal with that.
--
Aahz (aa**@pythoncraft.com) <*> http://www.pythoncraft.com/

"It is easier to optimize correct code than to correct optimized code."
--Bill Harlan
Jul 18 '05 #14
