471,326 Members | 2,144 Online
Bytes | Software Development & Data Engineering Community
Post +

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 471,326 software developers and data experts.

Secured CPython interpreter in embedded situations

I have been working on making Python a secure interpreter to run when
embedded in terms of resources with an object representation (e.g.,
files but not memory or CPU). To save myself from repeating myself
and missing some details of exactly what I have done I am going to
point to a post to my Python blog (and I have replied to people in the
comments so if you have a question it may have been answered there):

With no one having told me they have found a hole in the design I am
ready to make a wider announcement here. If you have a use for a
secured CPython interpreter then please have a look (although the work
generalizes to the language, I implemented it in CPython since that is
what I know best). This work is not about replacing rexec, though!
It secures the entire interpreter and is not about running some Python
code at a higher privilege level than some other code.

If you manage to check out the code and get it run, let me know (I
have one report of someone getting it to compile but erroring out
immediately but I can't reproduce it as it still works for me after a
``make distclean``). And if you do manage to break the security model
(manage to open a file, import a module that is not whitelisted,
etc.), then PLEASE let me know! If the work holds up I will make an
announcement in c.l.py.a and then start the process to get my changes
into the trunk so that you don't need to use a branch.

Thanks in advance to anyone who gives the code a whirl.


Jun 21 '07 #1
0 916

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

5 posts views Thread by wahn | last post: by
1 post views Thread by Carl Waldbieser | last post: by
3 posts views Thread by seberino | last post: by
1 post views Thread by securedcardss | last post: by
3 posts views Thread by Jack | last post: by
reply views Thread by rosydwin | last post: by

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.