Need help with restricting number of new objects a user script can create

vj
I'm building a large infrastructure with about 30 servers (all running
linux). I allow my end users to write scripts which then get broken
down in smaller parts and run across the 30 servers. The results from
each individual run are combined and presented back to the user.

I'm currently using pylint to restrict access to many things and make
the code a little more 'safe'. (I understand that it is very
difficult, if not impossible, to make the code completely secure).
The problem I'm facing now is:

how do I restrict the user from (inadvertently or maliciously) creating
a large number of objects which will bring down the entire 100 nodes.

Some of the things which I have ruled out (due to application
architecture):
1. Running each process in its own unix process.

Current Options:
1. expose my own version of range and xrange
2. Have a sandbox where the user script is run on random data before
being pushed out to all the servers.

Questions:
1. How can I restrict recursion for the user scripts?
2. How can I restrict list comprehension in the user script? How do I
disable user from doing [1]*10000000000000
3. Can I move the user scripting to some other language which can be
interfaced with python yet allow the "restricted" execution env.
4. Can I convert the user functions using some 'modified' variant of
pyrex which will give me more control?

Have other people faced similar problems? I would imagine this is a
common problem for anyone building distributed systems?

Python 3000:
Going forward this would be a really useful thing to see in python 3000
where a restricted exec env should be built in to the language from the
ground up.

Mar 22 '06 #1
vj enlightened us with:
> how do I restrict the user from (inadvertently or maliciously)
> creating a large number of objects which will bring down the entire
> 100 nodes.

Use ulimit to give them a limited amount of CPU time, memory etc. The
kernel will then kill runaway processes.

Sybren
--
The problem with the world is stupidity. Not saying there should be a
capital punishment for stupidity, but why don't we just take the
safety labels off of everything and let the problem solve itself?
Frank Zappa
Mar 22 '06 #2
vj
I think the only option is to come up with my own mini language.
Searching on google, I found several examples where people replaced
python with lua for scripting. Am reading up on lua and it looks very
promising. I also tried doing the following:

for i=1,100000000 do print(i) end

on:
http://doris.sourceforge.net/lua/weblua.php

and got the following error:

Lua script:

for i=1,100000000 do print(i) end

Run using lua generates:

Fatal error: Allowed memory size of 8388608 bytes exhausted (tried to
allocate 35 bytes) in /home/groups/d/do/doris/htdocs/lua/weblua.php on
line 109

Very cool. I need to now find out if this error is being caught by the
lua script or the underlying os. There also seems to be a 2-way
lua-python bridge converted which will allow me to embed lua in my
application.

Mar 22 '06 #3
vj enlightened us with:
> Run using lua generates:
>
> Fatal error: Allowed memory size of 8388608 bytes exhausted (tried
> to allocate 35 bytes) in
> /home/groups/d/do/doris/htdocs/lua/weblua.php on line 109

Ehm... this can also be done with Python & ulimit.

Sybren
Mar 22 '06 #4
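
The ulimit approach suggested in the replies, sketched in Python as an added example that is not code from any poster in this thread. It assumes Linux and that each user script can be started as a child process (rlimits are per-process); the limit values, function names and sample scripts are constructed for illustration.

```python
import resource, signal, subprocess, sys

MEM_BYTES = 512 * 1024 * 1024   # assumed cap on address space, like `ulimit -v`
CPU_SECS = 1                    # assumed cap on CPU time, like `ulimit -t`

def _cap(res, soft, hard):
    # Never ask for more than the hard limit we inherited, or setrlimit fails.
    inherited = resource.getrlimit(res)[1]
    if inherited != resource.RLIM_INFINITY:
        soft, hard = min(soft, inherited), min(hard, inherited)
    resource.setrlimit(res, (soft, hard))

def _apply_limits():
    # Runs in the child between fork() and exec(), so only the user script
    # is limited, not the server process that launched it.
    _cap(resource.RLIMIT_AS, MEM_BYTES, MEM_BYTES)
    # Soft limit delivers SIGXCPU; the hard limit one second later is SIGKILL.
    _cap(resource.RLIMIT_CPU, CPU_SECS, CPU_SECS + 1)

def run_limited(user_code, wall_timeout=30):
    """Run user_code in a limited child process and return a verdict string."""
    try:
        proc = subprocess.run([sys.executable, "-c", user_code],
                              preexec_fn=_apply_limits, capture_output=True,
                              text=True, timeout=wall_timeout)
    except subprocess.TimeoutExpired:
        return "wall-timeout"       # e.g. a script that sleeps, using no CPU
    if proc.returncode == 0:
        return "ok"
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return "cpu-limit"          # terminated by a kernel signal
    if "MemoryError" in proc.stderr:
        return "memory-limit"       # allocation refused; the interpreter raised
    return "error"

# Constructed sample scripts; "big list" is the expression from the question.
SAMPLES = {
    "well behaved": "print(sum(range(1000)))",
    "big list": "x = [1]*10000000000000",
    "8 GB list": "x = [0] * 10**9",
    "busy loop": "while True: pass",
}

if __name__ == "__main__":
    for name, code in SAMPLES.items():
        print(f"{name:13s} -> {run_limited(code)}")
```

The memory limit surfaces inside the interpreter as a `MemoryError` that the user script itself could catch, while the CPU limit is enforced by a kernel signal the script cannot ignore once the hard limit is reached.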