ANNOUNCE; Try python beta

Mike Meyer mwm at mired.org
Mon Dec 19 21:00:19 EST 2005


"Lonnie Princehouse" <finite.automaton at gmail.com> writes:
> Pretty neat =)
> But aren't you concerned about security?  Letting anybody execute
> arbitrary Python expressions (and therefore also arbitrary system
> commands?!) on your box --- even from within a FreeBSD jail --- seems a
> bit dangerous.

What's there is actually more restricted than a FreeBSD jail. This one
has been tightened down to a statically linked Python interpreter, the
statically linked cgi program which does nothing but launch the Python
interpreter with the right arguments, and python library files. I've
even removed most of the latter that aren't used by the python
script. So yeah - you can run arbitrary system commands, except there
shouldn't be any.

The previous version was in a jail, which is why I didn't want it
generally announced. The logs made amusing reading. I like Gerhard's
idea of removing __import__, and have done that.

     <mike
-- 
Mike Meyer <mwm at mired.org>			http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
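
Added example, not part of the original message or of the poster's setup: one way to check the claim that a stripped-down jail holds no system commands is to walk its tree and report every executable outside a short allowlist, plus setuid/setgid files, special files and world-writable entries. The function names, sample paths and modes are all constructed for illustration.

```python
import os
import stat

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def audit_jail(root, allowed_executables):
    """Return sorted (relative_path, reason) findings for a minimal jail tree."""
    allowed = {os.path.normpath(p) for p in allowed_executables}
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            mode = os.lstat(full).st_mode  # lstat: never follow symlinks
            if stat.S_ISLNK(mode):
                continue
            if stat.S_ISDIR(mode):
                if mode & stat.S_IWOTH:
                    findings.append((rel, "world-writable directory"))
            elif not stat.S_ISREG(mode):
                findings.append((rel, "special file (device, FIFO or socket)"))
            else:
                if mode & (stat.S_ISUID | stat.S_ISGID):
                    findings.append((rel, "setuid/setgid bit set"))
                if mode & EXEC_BITS and rel not in allowed:
                    findings.append((rel, "executable not on allowlist"))
                if mode & stat.S_IWOTH:
                    findings.append((rel, "world-writable file"))
    return sorted(findings)

def build_sample_jail(root):
    """Constructed sample tree; every path and mode here is made up."""
    layout = {
        "bin/python": 0o555,       # expected: the static interpreter
        "cgi-bin/try.cgi": 0o555,  # expected: the static CGI launcher
        "lib/os.py": 0o444,        # library module, not executable
        "bin/sh": 0o755,           # stray binary the audit should flag
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        os.chmod(os.path.dirname(path), 0o755)  # independent of the umask
        with open(path, "w") as fh:
            fh.write("placeholder\n")
        os.chmod(path, mode)
    os.mkdir(os.path.join(root, "tmp"))
    os.chmod(os.path.join(root, "tmp"), 0o777)
```

An empty result from `audit_jail` means nothing in the tree is executable beyond the allowlist; it says nothing about what the interpreter itself can do.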


