Safe Python Execution
dbpokorny at gmail.com
Tue Feb 21 02:05:38 EST 2006
It looks like untrustedinterpreter has at least two major obstacles to
executing reasonably complex code:
augmented assignment is not supported:
a.b = 'foo'
is translated into
__getattr__(a,b) = 'foo'
Second, this is mysterious, but nevertheless...
"""This form of restricted Python assumes that security proxies will be
used to protect assets. Given this, the only thing that actually
needs to be done differently by the generated code is to:
<some other items>
- Prevent try/except and raise statements. This is mainly because they
don't work properly in the presence of security proxies. Try/except
statements will be made to work in the future.
"""
--Zope-3.2.0/Dependencies/zope.security-Zope-3.2.0/zope.security/untrustedpython/rcompile.txt
Is anyone aware of a more functional but still untrusted python? One
could remove the ability to access pipes & files from regular python,
build it, and launch the resulting python-slave from a (normal python)
master process... However I'm pretty confident that if I did this
myself, I'd leave more than a few glaring security holes for an
ambitious 9-year-old.
Any help appreciated!
David
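An added illustration, not the poster's code and not Zope's untrustedpython: a minimal AST rewriter in the same style, where attribute reads become guarded calls and, unlike the translation quoted above, an attribute assignment gets its own rewrite so that `a.b = 'foo'` has a valid target, while try/except and raise are refused as the rcompile.txt note describes. The guard names `_getattr_`/`_setattr_` and the rule that names starting with an underscore are denied are assumptions made for this example.

```python
import ast

DENY_PREFIX = "_"  # assumption: underscore-prefixed names are private and blocked

class GuardRewriter(ast.NodeTransformer):
    """Rewrite attribute reads/writes into guarded calls; refuse try/except and raise."""
    def visit_Attribute(self, node):
        self.generic_visit(node)
        if isinstance(node.ctx, ast.Load):  # a.b  ->  _getattr_(a, 'b')
            call = ast.Call(func=ast.Name(id="_getattr_", ctx=ast.Load()),
                            args=[node.value, ast.Constant(node.attr)], keywords=[])
            return ast.copy_location(call, node)
        return node  # Store targets are rewritten in visit_Assign
    def visit_Assign(self, node):
        self.generic_visit(node)  # rewrite reads nested in target and value first
        target = node.targets[0]
        if len(node.targets) == 1 and isinstance(target, ast.Attribute):
            # a.b = v  ->  _setattr_(a, 'b', v): a call expression, not an invalid target
            call = ast.Call(func=ast.Name(id="_setattr_", ctx=ast.Load()),
                            args=[target.value, ast.Constant(target.attr), node.value],
                            keywords=[])
            return ast.copy_location(ast.Expr(value=call), node)
        return node
    def visit_Try(self, node):  # same rule as the quoted rcompile.txt note
        raise SyntaxError("try/except is not allowed in restricted code")
    visit_Raise = visit_Try

def _getattr_(obj, name):
    if name.startswith(DENY_PREFIX):
        raise AttributeError(f"restricted: access to {name!r} denied")
    return getattr(obj, name)

def _setattr_(obj, name, value):
    if name.startswith(DENY_PREFIX):
        raise AttributeError(f"restricted: assignment to {name!r} denied")
    setattr(obj, name, value)

def run_restricted(source, namespace):
    """Compile `source` through the rewriter and exec it with guards and no builtins."""
    tree = GuardRewriter().visit(ast.parse(source))
    ast.fix_missing_locations(tree)
    env = {"__builtins__": {}, "_getattr_": _getattr_, "_setattr_": _setattr_}
    env.update(namespace)
    exec(compile(tree, "<restricted>", "exec"), env)
    return env

def is_rejected(source, namespace):
    """True when the snippet is refused by the rewriter or stopped by a guard."""
    try:
        run_restricted(source, namespace)
    except (SyntaxError, AttributeError):
        return True
    return False
```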