I'm building a large infrastructure with about 30 servers (all running
linux). I allow my end users to write scripts which then get broken
down in smaller parts and run across the 30 servers. The results from
each individual run are combined and presented back to the user.
I'm currently using pylint to restrict access to many things and make
the code a little more 'safe'. (I understand that it is very
difficult, if not impossible, to make the code completely secure).
The problem I'm facing now is:
how do I restrict the user from (inadvertently or maliciously) creating
a large number of objects which will bring down the entire 100 nodes.
Some of the things which I have ruled out (due to application
architecture):
1. Running each process in its own unix process.
Current Options:
1. expose my own version of range and xrange
2. Have a sandbox where the user script is run on random data before
being pushed out to the all the servers.
Questions:
1. How can I restrict recursion for the user scripts?
2. How can I restrict list comprehension in the user script? How do I
disable user from doing [1]*10000000000000
4. Can I move the user scripting to some other language which can be
interfaced with python yet allow the "restricted" execution env.
4. Can I convert the user functions using some 'modified' variant of
pyrex which will give me more control?
Have other people faced similar problems? I would imagine this is a
common problem for anyone building distributed systems?
Python 3000:
Going forward this would be a really useful thing to see in python 3000
where a restricted exec env should be built in to the language from the
ground up.
