I'm developing a webIDE for python and I've 2 questions regarding it.
1. How can i disable some of the modules without deleting. e.g I wish
to disable "os" module.
2. How can i force user code to access only his particular folder, I
dont want to create uses in unix, e.g
fp = open(PATH, 'w') # If this PATH is defined then use can access
files else he cant .. is there is any way?
Regards!
iapain 21 1687
1. How can i disable some of the modules without deleting. e.g I wish
to disable "os" module.
If you're prepared for the massive breakage that will ensue, you can
chmod go-rwx /usr/lib/python2.3/os.*
(assuming *nix as you later detail).
2. How can i force user code to access only his particular folder, I
dont want to create uses in unix, e.g
Well, you can create a chroot jail for each user that contains a
clone of your /usr/{lib/python2.3/,bin/,usr/bin/} directories.
You'd have to include any other executables that the user would
need (important stuff like ls, cp, mv, mkdir, rmdir,
cvs/ci/co/rcs/svn, etc) This would ensure that each user doesn't
access anything that you haven't explicitly copied in to their
jail. Another alternative might just be to copy the python
libraries to some place in the user's homedir (whatever their
original library path was), revoke execute non-user execute privs
from the python executable ("chmod go-x `which python`), and then
change python to be a script that runs something like "chroot
$HOME/ python $@". Allow per-user access to this script via sudo.
Just a couple ideas you might try.
-tkc
Tim Chase wrote:
If you're prepared for the massive breakage that will ensue, you can
chmod go-rwx /usr/lib/python2.3/os.*
No, I cant change permission or delete the module, the best would be
something to detect 'import os' in user code .. but If i go with chroot
jail approch then everything will be like what i want. But chroot jail
approch would take much space on webserver, what would happen if number
of users are large.
Another alternative might just be to copy the python
libraries to some place in the user's homedir (whatever their
original library path was), revoke execute non-user execute privs
from the python executable ("chmod go-x `which python`), and then
change python to be a script that runs something like "chroot
$HOME/ python $@". Allow per-user access to this script via sudo.
Its having the same problem. The idea on which i am working is a
webide(which i already created) and a user file system(on which i am
working now) so that each user can access python globally and files
from his own folder, without adding them in unix user list.
Best!
"iapain" wrote:
No, I cant change permission or delete the module, the best would be
something to detect 'import os' in user code ..
trust me, implementing a restricted execution model for Python that actually
works is a *lot* harder than that.
googling for "python restricted execution" might give you some clues.
</F>
googling for "python restricted execution" might give you some clues.
I've already assumed that there is no rexec for me as i am using python
2.4. Yeah its much more difficult that my imagination. Should I go for
alternatives like
1. Assume every one who is using this webide, wont corrupt system
2. Use some tricks to encrypt the user path and do lots of replacement
on user code and o/p.
or something else?
Best!
iapain
"iapain" wrote:
I've already assumed that there is no rexec for me as i am using python
2.4. Yeah its much more difficult that my imagination. Should I go for
alternatives like
1. Assume every one who is using this webide, wont corrupt system
2. Use some tricks to encrypt the user path and do lots of replacement
on user code and o/p.
or something else?
unless you're willing to build a restricted runtime that runs on top of the core inter-
preter, you should assume that anyone writing a Python script that's executed by
your program has access to everything that your Python process has access to...
</F>
unless you're willing to build a restricted runtime that runs on top of the core inter-
preter, you should assume that anyone writing a Python script that's executed by
your program has access to everything that your Python process has access to...
I think using replacements I can ban atleast OS module and about files,
either i should ban file open or write my own module something like
rexec, truefully i dont know if I can write that one or not. I was
thinking that this gonna take few days but looking much more difficult.
Thanks Fred! for nice tutorials on www.
On Tue, 11 Jul 2006 06:21:39 -0700, iapain wrote:
>unless you're willing to build a restricted runtime that runs on top of the core inter- preter, you should assume that anyone writing a Python script that's executed by your program has access to everything that your Python process has access to...
I think using replacements I can ban atleast OS module and about files,
How are you planning on banning the module? Are you thinking about using
source code scanning to detect risky code?
What about modules which export os? It's one thing to "ban" os, but
did you remember to ban glob.os? How about site.os? And netrc.os? And and
and and...
What about this line of code?
my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))
Creating a restricted execution environment is *hard*. As far as I know,
even Microsoft has never attempted it. And for all of Sun's resources and
talent, security holes are sometimes found even in Java.
--
Steven
my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))
Thats really smart way, yeah i had plan to scan and detect but I think
its not gonna work.
Creating a restricted execution environment is *hard*. As far as I know,
even Microsoft has never attempted it. And for all of Sun's resources and
talent, security holes are sometimes found even in Java.
Does that mean there is no way to implement restricted enviorment?
Best!
iapain
iapain wrote:
>
>my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))
Thats really smart way, yeah i had plan to scan and detect but I think
its not gonna work.
>Creating a restricted execution environment is *hard*. As far as I know, even Microsoft has never attempted it. And for all of Sun's resources and talent, security holes are sometimes found even in Java.
Does that mean there is no way to implement restricted enviorment?
In a nutshell: yes, especially if not designed from ground up that way. If
you need it, the best thing to do is to put some distance between your code
and the possibly malicious one, using some RPC.
Diez
In article <11**********************@b28g2000cwb.googlegroups .com>,
iapain <ia****@gmail.comwrote:
Steven D'Aprano wrote:
Creating a restricted execution environment is *hard*. As far as I know,
even Microsoft has never attempted it. And for all of Sun's resources and
talent, security holes are sometimes found even in Java.
Java is not the only restricted execution environment around.
Javascript, as implemented by most browsers, is an excellent lightweight
restricted execution environment, and there are many browsers which have
good implementations.
Regards
Sreeram
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEs9RGrgn0plK5qqURAnjvAKC/0kaWmWFI8un4016RGsNgm+3bggCgnhgh
P3NgiQD1zTVcqazwkr/qNEc=
=FBpd
-----END PGP SIGNATURE-----
The most knowledgeable people have effectively given up, in
regard to Python.
I guess now I am up with only one option, i.e hope that user input code
wont be evil to the system. **which is rarely possible**
"K.S.Sreeram" <sr*****@tachyontech.netwrites:
Java is not the only restricted execution environment around.
Javascript, as implemented by most browsers, is an excellent lightweight
restricted execution environment, and there are many browsers which have
good implementations.
And we hear about browser security bugs all the time, for which the
workaround is "shut off javascript".
Cameron Laird wrote:
In article <11**********************@b28g2000cwb.googlegroups .com>,
iapain <ia****@gmail.comwrote:
.
.
.
>>Does that mean there is no way to implement restricted enviorment?
.
.
.
The most knowledgeable people have effectively given up, in
regard to Python.
Brett Cannon is currently trying to come up with a comprehensive spec
and implementation of a sandboxed Python interpreter, for use in
Mozilla as a JavaScript replacement. (look in the python-dev archives
for more)
Georg
Brett Cannon is currently trying to come up with a comprehensive spec
and implementation of a sandboxed Python interpreter, for use in
Mozilla as a JavaScript replacement. (look in the python-dev archives
for more)
I'm not sure he is working or not, latest i read was he purposed new
restricted enviornment for python.
Best!
Georg Brandl wrote:
Cameron Laird wrote:
In article <11**********************@b28g2000cwb.googlegroups .com>,
iapain <ia****@gmail.comwrote:
.
.
.
>Does that mean there is no way to implement restricted enviorment?
.
.
.
The most knowledgeable people have effectively given up, in
regard to Python.
also relevant is the 2 "Try python" online shells that were discussed
last January or so http://groups.google.com/group/comp....0?q=trypython&
On 11 Jul 2006 10:19:22 -0700 in comp.lang.python, Paul Rubin
<http://ph****@NOSPAM.invalidwrote:
>"K.S.Sreeram" <sr*****@tachyontech.netwrites:
>Java is not the only restricted execution environment around. Javascript, as implemented by most browsers, is an excellent lightweight restricted execution environment, and there are many browsers which have good implementations.
And we hear about browser security bugs all the time, for which the workaround is "shut off javascript".
And Java...
Regards,
-=Dave
--
Change is inevitable, progress is not.
Paul Rubin wrote:
"K.S.Sreeram" <sr*****@tachyontech.netwrites:
>Java is not the only restricted execution environment around. Javascript, as implemented by most browsers, is an excellent lightweight restricted execution environment, and there are many browsers which have good implementations.
And we hear about browser security bugs all the time, for which the
workaround is "shut off javascript".
They all have bugs (including java), but atleast the architecture itself
isnt flawed (unlike say, ActiveX).
Anyways, the point I was trying to make is that, Sun is not the only one
to have implemented a restricted execution environment. Opera, Mozilla,
Safari etc,have all done it.
Regards
Sreeram
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFEtDp/rgn0plK5qqURAo6gAJ496tWGJmmKTga2MtscI41uiL6+WACaA7 C5
DxcvH4TIwQEQBCEZuPXA95Y=
=X1ju
-----END PGP SIGNATURE-----
Do you have an IBM s/370 running VM/CMS? VM was sort of an OS for
running multiple OSs, so it would be the "restricted environment" <G>
I'm having currently working on OS/2 and Linux platform, I've designed
a web based ide for python and i wish to restrict some commands and
user can only access i.e rwx in his folder.
Best!
Le mercredi 12 juillet 2006 08:17, iapain a écrit*:
>
I'm having currently working on OS/2 and Linux platform, I've designed
a web based ide for python and i wish to restrict some commands
There is a restricted environment in Zope for TTW python scripts and
ZPT/DTML .
These scripts are run in the Zope process in a very restricted environment
which forbid the use of most builtins and allow the import of a limited list
of modules.
Why don't use the RestrictedPython module from Zope (2.8 and up) and adapt it
a bit. It seems loose coupled to the Zope internals (except for the
multimapping class which is an extension class, but I doubt it's really a
problem). It shouldn't be a too hard.
You'll need to make your own AccessControl/ZopeGuards.py-like module, and
probably subclass the RestrictionMutator to enable/disable certain
functionnality (interdiction of names beginning by '_' for example is hard
coded).
At last, you will get a simple example of the usage of the whole beast from
your own interpreter in Products/PythonScripts.
and
user can only access i.e rwx in his folder.
This should be possible by providing a wrapper function for file and open (see
the Guards.py module).
IMO, it worth to be tried, and I don't see any other short-term, less hacky,
solution.
regards,
--
_____________
Maric Michaud
_____________
Aristote - www.aristote.info
3 place des tapis
69004 Lyon
Tel: +33 426 880 097
You'll need to make your own AccessControl/ZopeGuards.py-like module, and
probably subclass the RestrictionMutator to enable/disable certain
functionnality (interdiction of names beginning by '_' for example is hard
coded).
Your reply is pretty hopeful, I saw that one, its the only fractional
part. I'm agree with others that I need to setup a safe runtime
enviornment rather than detecting harmful code.
This should be possible by providing a wrapper function for file and open (see
the Guards.py module).
Thats a nice idea, I guess it should work. I should try it really
quick! Thanks!
Best!
iapain This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Sean R. Lynch |
last post by:
I've been playing around with Zope's RestrictedPython, and I think I'm
on the way to making the modifications necessary to create a
capabilities-based restricted execution system. The idea is to...
|
by: Rolf Magnus |
last post by:
Hi,
I would like to embed a python interpreter within a program, but since that
program would be able to automatically download scripts from the internet,
I'd like to run those in a restricted...
|
by: sriram |
last post by:
Hi,
I am seeing a weird problem with DB2 8.2. When we connect to the
database using the following command in db2 CLP
db2 connect to <dbname> user <user> using <passwd>
I get the following...
|
by: Julian V. Noble |
last post by:
Dear C Mavens,
Anyone here getting hosts of spam with nefarious attachments,
purporting to be from M$ or its lackeys, into your mailbox?
I neglected to spoof my header, and since Hurricane...
|
by: Peter Ammon |
last post by:
It's my understanding that the printf() function is declared as
int printf(const char * restrict format, ...);
in stdio.h. And loosely speaking, if a parameter is declared as
restricted, then...
|
by: Jussi |
last post by:
Hi!
I have a COM server object in which I have set certain interfaces
restricted/hidden. For example
With VB client these attributes works as excpected. However if I use this
same COM...
|
by: Kiran_Juikar |
last post by:
In my application, I want to copy some file from network location to local
machine folder. It works fine for administrator but If I run it with
restricted user (not having permissions to local...
|
by: Steve |
last post by:
Hi All
I have several vb.net 2005 apps which have run fine until now
A new customer has set up windows XP with restricted users
When my application starts I get errors, when accessing the...
|
by: Spiros Bousbouras |
last post by:
Is there a way to mimick restricted pointers
using array syntax ? So I'm looking for something
to add to a statement such as "int arr" which
will tell the compiler that I will only access the...
|
by: taylorcarr |
last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: ryjfgjl |
last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
| |