Embedded python security
Jason Orendorff
jason at jorendorff.com
Tue Jan 15 22:35:32 EST 2002
> The thing is, I don't need users trying to hack the server through the
> scripts, and I know that those kinds of security issues have been tackled
> in the case of javascript since it is used for client-side web scripting.
> My question is, have these kinds of issues been dealt with in python? Is
> there some kind of "sandbox" I can run python scripts in?

Yes. There are modules rexec and bastion that will help with this.
The principles are simple enough that you can even do it "by hand":

    vars = {'__builtins__' : {}}
    while 1:
        try:
            exec raw_input(">>> ") in vars
        except:
            print "ERROR"

But almost no matter what you do, the following code will peg the CPU
and cause the lights in your building to dim for a moment, until the
machine runs out of memory.

    10**(10L**100)

Short answer: don't do it.

## Jason Orendorff http://www.jorendorff.com/
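
Added example, not part of the original post: the empty-`__builtins__` namespace above does nothing to bound CPU or memory, so this sketch runs each snippet in a child interpreter under OS resource limits instead. It assumes Python 3 on a POSIX host; `run_limited` and the limit values are hypothetical names and numbers chosen for illustration.

```python
import resource
import subprocess
import sys

# Child program: read the snippet from stdin and execute it with the
# empty-builtins namespace used in the post. Nothing is sent back.
CHILD = "import sys; exec(sys.stdin.read(), {'__builtins__': {}})"


def _cap(which, value):
    """Lower the soft limit only, never asking for more than the hard limit."""
    _soft, hard = resource.getrlimit(which)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(which, (value, hard))


def _apply_limits(cpu_seconds, mem_bytes):
    """Runs in the child between fork and exec, so the interpreter inherits it."""
    _cap(resource.RLIMIT_CPU, cpu_seconds)  # kernel sends SIGXCPU when exceeded
    _cap(resource.RLIMIT_AS, mem_bytes)     # allocations fail past this size


def run_limited(snippet, cpu_seconds=2, mem_bytes=512 * 1024 * 1024,
                wall_seconds=15):
    """Run one snippet; return 'ok', 'error', 'killed' or 'timeout'."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", CHILD],
            input=snippet.encode(),
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            preexec_fn=lambda: _apply_limits(cpu_seconds, mem_bytes),
            timeout=wall_seconds,  # wall-clock backstop for sleeping children
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode == 0:
        return "ok"
    if proc.returncode < 0:
        return "killed"  # terminated by a signal such as SIGXCPU
    return "error"       # uncaught exception, MemoryError included


if __name__ == "__main__":
    # Constructed sample inputs: a harmless statement, a call to a builtin
    # that the empty namespace lacks, and the expression from the post.
    for sample in ("x = 2 + 2", "len('abc')", "10**(10**100)"):
        print(repr(sample), "->", run_limited(sample))
```

The limits only contain resource use; they say nothing about what else the snippet can reach, so the child still needs to run as an unprivileged account.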