[Python-Dev] Re: Whither rexec?
M.-A. Lemburg
mal@lemburg.com
Wed, 08 Jan 2003 20:34:36 +0100
A.M. Kuchling wrote:
> Guido van Rossum wrote:
>
>> See my recent checkins and what I just sent to python-announce (not
>> sure when the moderator will get to it):
>
>
> Back in December I reduced the "Restricted Execution" HOWTO
> to a warning not to use rexec. This morning, perhaps because of Guido's
> announcement, I've gotten two e-mails from users of the module asking
> for more details, both sounding a bit desperate for alternatives.
> Doubtless more rexec users will come out of the woodwork as a result.
>
> I'd like to add some suggested alternatives; any suggestions? People
> could run untrusted code inside a chroot()'ed jail; are there any
> packages that help with this?
>
> If the application uses Bastion to let untrusted code access various
> Python objects, things get really tough; the only option might be to
> redesign the whole application to expose some socket-based interface to
> those objects, and then run jailed code that can talk to only that
> socket. (Completely redesigning applications that rely on running
> untrusted code is probably a good idea in any event.)
If you only want to secure a few objects, then mxProxy can
help you with this: it allows access management at C level
on a per-method basis and also via callbacks...
http://www.egenix.com/files/python/mxProxy.html
--
Marc-Andre Lemburg
CEO eGenix.com Software GmbH
_______________________________________________________________________
eGenix.com -- Makers of the Python mx Extensions: mxDateTime,mxODBC,...
Python Consulting: http://www.egenix.com/
Python Software: http://www.egenix.com/files/python/