
Running insecure python code

I'm developing a game where the players will program their equipment with
python. Are there any ways to run insecure code? I don't want the clients
to mess with the server-code through their own code, or even DOS the box
by using up too much memory.

Here are some examples of how the equipment should be programmed:
---
# Proximity explosive example

import cpu

explosive = cpu.connection(0x01,"explosive")
motion_detector = cpu.connection(0x02,"explosive")

class Main:
    def __init__(self):
        # Register the handler once an instance (and so "self") exists.
        cpu.reg_event(motion_detector.event_Motion, self.event_Motion)

    def event_Motion(self):
        explosive.trigger(delay=0)

Main()
cpu.start()

---
# Broadcast chat equipment

import cpu

terminal = cpu.connection(0x01,"User personal terminal connection")
radio = cpu.connection(0x02,"Radio tranceiver")
mem = cpu.connection(0x03,"Memory chip")
# Store a default frequency the first time the equipment runs.
if mem.get("FREQ") is None:
    freq = 12345
    mem.store("FREQ", 12345)

class Main:
    def __init__(self):
        cpu.reg_event(radio.receive, self.event_Message)
        cpu.reg_event(terminal.input, self.event_Input)

    def event_Message(self, message):
        terminal.write(message + "\r\n")

    def event_Input(self, data):
        if data[0] == "/":
            # Input starting with "/" is a command; only CHANNEL is handled.
            if data[1:].split()[0].upper() == "CHANNEL":
                radio.setFreq(int(data.split()[2]))
                mem.store("FREQ", int(data.split()[2]))
        else:
            radio.send(data)

Main()
cpu.start()
---

I see the following problems:
1. looping code
Is there any way to avoid this by checking the "eip" within a usercode?
Is it possible to multiplex between user codes to avoid this?
Is it possible to limit execution speed (set the cpu to 5 instructions
per second)?

2. blocking code / untrusted/insecure code
Is there an effective way to limit the functions available to the usercode?
(perhaps like the java securityhandler way)

3. memory-dos
Limiting the storage size (or even forcing the user to store EVERYTHING
in the mem object)
I don't know if this is even possible (without modifying the python
source, which would force me to perhaps separate server code and user code)

Jul 18 '05 #1



"Noen" <no***********@na.no> wrote in message
news:hQ*********************@juliett.dax.net...
> Im developing a game where the players will program their equipment with
> python. Are there any ways to run insecure code?

safely, without letting

> clients mess with the server-code through their own code, or even DOS the box
> by using up too much memory.


There have been several threads on this topic. Quick answer: nothing as
good as you would want. Stackless, with its tasklets, may be your best bet
once updated to run with 2.3.3.

Terry J. Reedy


Jul 18 '05 #2

On 2004-02-26 21:21:37 -0500, "Terry Reedy" <tj*****@udel.edu> said:

> "Noen" <no***********@na.no> wrote in message
> news:hQ*********************@juliett.dax.net...
>> Im developing a game where the players will program their equipment with
>> python. Are there any ways to run insecure code?
>
> safely, without letting
>
>> clients mess with the server-code through their own code, or even DOS the box
>> by using up too much memory.
>
> There have been several threads on this topic. Quick answer: nothing as
> good as you would want. Stackless, with its tasklets, may be your best bet
> once updated to run with 2.3.3.


Even with stackless, you're not going to be able to stop them from
using "too much memory". Besides, you can't stop a determined and
experienced python hacker from getting ANYTHING (even if it's written
in C) ;)

Stackless 3.0 (Python 2.3.3) compiles and works just fine from CVS
HEAD, and I believe windows binaries are even available. Of course,
documentation is lacking, and we're planning to do quite a bit of stuff
during the sprints next month.. but it's good enough to use if you want
to.

-bob

Jul 18 '05 #3

Bob Ippolito wrote:
Perhaps writing a new script language using the builtin parser module
would solve the problems... Any pre-made scripting languages written in
python out in the wild?

| On 2004-02-26 21:21:37 -0500, "Terry Reedy" <tj*****@udel.edu> said:
|
|>
|> "Noen" <no***********@na.no> wrote in message
|> news:hQ*********************@juliett.dax.net...
|>
|>> Im developing a game where the players will program their equipment with
|>> python. Are there any ways to run insecure code?
|>
|>
|> safely, without letting
|>
|> > clients mess with the server-code through their own code, or even DOS
|> the box
|>
|>> by using up too much memory.
|>
|>
|> There have been several threads on this topic. Quick answer: nothing as
|> good as you would want. Stackless, with its tasklets, may be your
|> best bet
|> once updated to run with 2.3.3.
|
|
| Even with stackless, you're not going to be able to stop them from using
| "too much memory". Besides, you can't stop a determined and experienced
| python hacker from getting ANYTHING (even if it's written in C) ;)
|
| Stackless 3.0 (Python 2.3.3) compiles and works just fine from CVS HEAD,
| and I believe windows binaries are even available. Of course,
| documentation is lacking, and we're planning to do quite a bit of stuff
| during the sprints next month.. but it's good enough to use if you
| want to.
|
| -bob
|


Jul 18 '05 #4

You can try looking into PyPy or something. In practice, an
interpreter written in Python is probably going to be far too slow to
be used for any sort of modern game.

You're probably better off just not worrying about the "safety" and
giving them regular Python. When something secure and/or sufficiently
multistate exists, you could migrate.

There is also the possibility of running these user tasks in separate
processes altogether (or in just one) and brokering objects between the
two (i.e. sending pickles, or something more sanitized if you're REALLY
concerned about security). This would let you use operating system
facilities to monitor the resource consumption and would give you the
same kind of security that you have between any two separate processes.
The IDLE IDE actually does something like this for running an
interpreter, and I believe it can even do debugging this way.

-bob



Jul 18 '05 #5
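
The separate-process approach suggested in the last reply, as an added example that is not part of the original thread: each player script runs in its own interpreter under kernel-enforced memory and CPU limits plus a wall-clock timeout, and exchanges JSON rather than pickles with the server. It assumes a POSIX system with Python 3's `resource` module; the limit values, the event/reply shape and the names `run_user_code`, `GOOD`, `LOOP`, `HOG` and `BLOCK` are hypothetical.

```python
import json
import resource
import subprocess
import sys

MEM_LIMIT = 512 * 1024 * 1024  # address-space cap in bytes (assumed value)
CPU_LIMIT = 1                  # CPU seconds allowed per event (assumed value)

def _cap(kind, wanted):
    # Never ask for more than the hard limit the server itself runs under.
    _, hard = resource.getrlimit(kind)
    value = wanted if hard == resource.RLIM_INFINITY else min(wanted, hard)
    resource.setrlimit(kind, (value, value))

def _apply_limits():
    # Runs in the child after fork() and before exec(), so only the child is bound.
    _cap(resource.RLIMIT_AS, MEM_LIMIT)
    _cap(resource.RLIMIT_CPU, CPU_LIMIT)

def run_user_code(source, event, wall=5.0):
    """Run player code in its own interpreter; return (status, detail)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", source],
            input=json.dumps(event), capture_output=True, text=True,
            timeout=wall, preexec_fn=_apply_limits)
    except subprocess.TimeoutExpired:
        return ("timeout", None)             # blocking or sleeping code
    if proc.returncode < 0:
        return ("killed", -proc.returncode)  # signal number, raised by the CPU limit
    if proc.returncode != 0:
        lines = proc.stderr.strip().splitlines()
        return ("error", lines[-1] if lines else "")
    try:
        return ("ok", json.loads(proc.stdout))  # parse JSON, never unpickle, from the child
    except ValueError:
        return ("error", "reply was not valid JSON")

# Constructed sample player scripts.
GOOD = ("import json, sys\n"
        "event = json.load(sys.stdin)\n"
        "if event['name'] == 'motion':\n"
        "    json.dump({'action': 'trigger', 'delay': 0}, sys.stdout)\n")
LOOP = "while True: pass"
HOG = "data = bytearray(2 * 1024 ** 3)"
BLOCK = "import time; time.sleep(60)"

if __name__ == "__main__":
    for name, src in [("good", GOOD), ("loop", LOOP), ("hog", HOG), ("block", BLOCK)]:
        print(name, run_user_code(src, {"name": "motion"}, wall=3.0))
```

These limits cover only the looping, blocking and memory problems from the question. The child still runs with the server account's file and network access, so it also needs a separate unprivileged user or a container.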
