Embedded python security
Joseph A Knapka
jknapka at earthlink.net
Wed Jan 16 11:51:28 EST 2002
Dave Conrad wrote:
>
> I'm working on a program that is going to have some scriptable elements,
> with, perhaps, untrusted users uploading scripts to a server. (I say
> 'perhaps' because the details and architecture are still being worked out.)
>
> I thought briefly about creating my own mini-language (the scriptable
> elements will not be too terribly flexible, and the scripts will thus
> tend to be simple), but I don't relish the work, the bugs, and the
> inherent idiosyncratic-ness that will result from reinventing this
> particular wheel, and so I'm considering something like python, or s-lang,
> or guile, or javascript as an embedded scripting language.
>
> The thing is, I don't need users trying to hack the server through the
> scripts, and I know that those kinds of security issues have been tackled
> in the case of javascript since it is used for client-side web scripting.
> My question is, have these kinds of issues been dealt with in python? Is
> there some kind of "sandbox" I can run python scripts in?
>
> I know the interpreter is embeddable in C programs (oh, did I mention I'm
> writing this server code in C? I ought to have, oughtn't I?), but is there
> a version of it with all the I/O stuff, and execve stuff, ripped out? And
> other security issues tackled? (The scripts aren't going to need to do
> anything more than some computation, really.)
>
> I like python, and have been using it on and off for a few months now (I'm
> mainly a C, Java, Perl, and C++-when-necessary-for-pay programmer), and I'd
> like to use it in this project, but I'm currently leaning to JavaScript
> (Mozilla SpiderMonkey, specifically) because I trust these issues have been
> dealt with there. I'd appreciate any comments on the suitability of python
> for this kind of thing, or any other comments you may feel like throwing
> my way. :-)

You might also consider Tcl <http://tcl.activestate.com>. It's had
"sandbox" functionality
(<http://tcl.activestate.com/software/plugin/safetcl.html>) for some
time, and is suitable for simple-to-middlin' scripting tasks. Dead
simple to learn, too (simpler than JavaScript, IMO, primarily because
Tcl syntax is absolutely uniform, almost Lisp-like, though much easier
on the eyes than Lisp). Tcl is not OO in any way, however, if that's
important to you (there are OO extensions, but personally I don't like
any of them all that much).

Cheers,
-- Joe
"I should like to close this book by sticking out any part of my neck
which is not yet exposed, and making a few predictions about how the
problem of quantum gravity will in the end be solved."
--- Physicist Lee Smolin, "Three Roads to Quantum Gravity"