recec & Bastion ?


The documentation for these two modules says that they were disabled in
Python 2.3 due to security holes not easily fixable. I have not worked with
them, but I can still import them under Python 2.4, so I'm not clear on
whether the security problems were fixed in Python itself, or whether the
modules remain deprecated (disabled?)? How are/were they actually disabled?
Any place that documents what the problems are? Any alternatives?

Thanks,
-ej
Apr 11 '07 #1
I mean, of course, rexec (not recec) and Bastion
Apr 11 '07 #2
On Wed, 11 Apr 2007 19:26:27 -0300, Erik Johnson <no****@invalid.com> wrote:

> The documentation for these two modules says that they were disabled in
> Python 2.3 due to security holes not easily fixable. I have not worked with
> them, but I can still import them under Python 2.4, so I'm not clear on
> whether the security problems were fixed in Python itself, or whether the
> modules remain deprecated (disabled?)? How are/were they actually disabled?
> Any place that documents what the problems are? Any alternatives?

They were insecure in 2003, and still are. This example still works (you
have to re-enable Bastion.py and rexec.py to test, removing the explicit
RuntimeError raise)
http://mail.python.org/pipermail/pyt...ry/031851.html

With new-style classes you can create new instances using type(), for
example; this way you can bypass the read-only restriction on files.
The language has grown plenty of new attributes; they're very handy, but
provide a lot of security holes, like __subclasses__ for example.

As far as I know, Python can't secure itself by now. I think you have to
go outside Python, using a chroot jail for example.

--
Gabriel Genellina

Apr 12 '07 #3
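
The two weaknesses named in the reply above (type() handing back the real class, and introspection attributes such as __subclasses__), shown on a toy object. This is an added example, not code from the thread or from rexec/Bastion; it is written for Python 3, where both modules no longer exist, and Handle, restricted_open and run_guest are hypothetical names.

```python
# Added illustration for Python 3. Handle, restricted_open and run_guest are
# constructed names; they are not rexec or Bastion APIs.

class Handle:
    """Toy resource: write access is decided by the mode given at construction."""
    def __init__(self, store, mode="r"):
        self.store, self.mode = store, mode

    def read(self):
        return self.store["value"]

    def write(self, value):
        if "w" not in self.mode:
            raise PermissionError("read-only handle")
        self.store["value"] = value


def restricted_open(store):
    """The policy lives in this factory: guests are only ever given mode 'r'."""
    return Handle(store, "r")


def run_guest(source, store):
    """Run guest code with a trimmed builtins table, as rexec-style hosts did."""
    env = {"__builtins__": {"type": type}, "handle": restricted_open(store)}
    try:
        exec(source, env)
        return "ran"
    except PermissionError:
        return "blocked"


def classes_visible_without_builtins():
    """Evaluate with an empty builtins table; return what introspection still reaches."""
    return eval("().__class__.__base__.__subclasses__()", {"__builtins__": {}})


if __name__ == "__main__":
    store = {"value": "original"}  # constructed sample data
    print(run_guest("handle.write('x')", store), store)
    # type() returns the real class, so the guest chooses its own mode.
    print(run_guest("type(handle)(handle.store, 'w').write('x')", store), store)
    print(len(classes_visible_without_builtins()), "classes reachable from a tuple literal")
```

The guest never needed anything the host had withheld: the class behind the object it was given, and every class loaded in the process, stay reachable from ordinary attributes, which is why the reply points to an OS-level boundary instead.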
