Sandboxes
Paul Rubin
Sat Aug 20 07:13:03 EDT 2005
42 <nospam at nospam.com> writes:
> Googling for information on securing Python in a "sandbox" seems to
> indicate that there are some built in features, but they aren't really
> trustworthy. Is that correct?
Yes.
> For my purposes, I really just want to let users run in a sandbox, with
> access to only the language, manipulate a few published objects in the
> application (and perhaps give them some string and math libraries if
> applicable).
If they are malicious, this is asking for trouble.
> I was wondering if it would be effective to pre-parse incoming scripts
> and reject those containing "import"? I'd also have the application
> inject the (short) list of trusted imports to the script before passing
> it to the interpreter.
No, that's not enough.
> Would this be sufficient? Are there any drawbacks or giant gaping holes?
> I'm anticipating that I'd also need to block 'exec' and 'eval' to
> prevent an import from being obfuscated past the pre-parse.
>
> Or is this a hopeless cause?
Yes. It's even difficult with Java and Javascript, which were designed
to have such security.
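
The pre-parse proposed in the quoted question, as an added example that is not code from the thread: it compares the literal "reject scripts containing import" text search with a check on the parsed syntax tree for import statements and exec/eval calls. The reply above holds that such a check is not enough to make a sandbox; the sketch only shows what each check reports. The names preparse, text_filter, TRUSTED_MODULES, BLOCKED_CALLS and the samples are assumptions made for illustration, and it targets Python 3, where exec is a function.

```python
import ast

TRUSTED_MODULES = {"math", "string"}            # assumed allowlist (hypothetical)
BLOCKED_CALLS = {"exec", "eval", "__import__"}  # calls the question wants blocked


def preparse(source):
    """Return sorted (line, reason) findings; an empty list means nothing flagged."""
    try:
        tree = ast.parse(source)
    except SyntaxError as err:
        return [(err.lineno or 0, "syntax error")]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or "."]        # "." marks a relative import
        else:
            names = []
        for name in names:
            if name.split(".")[0] not in TRUSTED_MODULES:
                findings.append((node.lineno, "import of " + name))
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in BLOCKED_CALLS:
                findings.append((node.lineno, "call to " + node.func.id))
    return sorted(findings)


def text_filter(source):
    """The literal proposal: reject any script whose text contains 'import'."""
    return "import" in source


# Constructed sample scripts, not taken from the thread.
SAMPLES = {
    "trusted": "import math\nprint(math.sqrt(2))\n",
    "untrusted": "import os\n",
    "split_string": "exec('imp' + 'ort os')\n",   # the obfuscation the question anticipates
    "false_positive": "label = 'important'\n",
}

if __name__ == "__main__":
    for name, script in SAMPLES.items():
        print(name, "text filter rejects:", text_filter(script),
              "| tree findings:", preparse(script))
```

The text search rejects the harmless "important" string and passes the split-string exec call, while the tree check does the reverse for those two samples.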