Safe Python Execution

Devan L devlai at gmail.com
Wed Feb 15 23:43:52 EST 2006


Graham wrote:
> I've been messing around with trying to get a small sandbox-like
> environment where I could execute Python code in a "safe" way.
> Basically what the old restricted execution module attempted to do.
> I've written a small amount of code to get a custom interpreter running,
> but I'm not really sure if it's safe.
>
> The way I'm controlling functionality is with some games and exec, so
> if 'code' was the text code you wanted to execute I run:
>
> exec code in {'__builtins__': None}
>
> Obviously this doesn't give you much to play with, but it does remove
> file access and importing as far as I can tell. Can anyone think of a
> hack around this? I assume if it was this easy it would be a module
> already, but I figured I would ask.

You need to remove reload, replace __import__, and disable __subclasses__
(neither convenient nor portable, because you need to do it in the source.
Shouldn't it be restricted in restricted mode?). That removes the most
glaring security holes, I think. If you need to touch any of the
attributes of the objects in the sandbox, you might want to remove
properties. I wouldn't recommend exposing any objects outside of the
sandbox to the sandbox, either.

Zope also has some cool viral proxy thing that I don't understand that
you might want to look into.
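A check for the claims in this thread, added here and not code from either poster: it runs a few probe snippets inside a candidate globals dict (Python 3 syntax, exec(code, env) instead of exec code in env) and reports which of the names discussed above are still reachable from inside the sandbox. restricted_builtins and the probe strings are my constructions; the point they show is that withholding builtins blocks open/import but leaves __subclasses__ reachable, as the reply says.

```python
import builtins

# Probe snippets run *inside* the candidate sandbox (constructed for this
# example). A probe counts as "reachable" only if it assigns `found`.
PROBES = {
    "open": "found = open",
    "import": "import sys; found = sys",
    "reload": "found = reload",
    # No builtin is needed to reach the method the reply says must be disabled.
    "__subclasses__": "found = ().__class__.__subclasses__",
}


def audit_sandbox(globals_dict):
    """Return the set of probe names still reachable from `globals_dict`.

    Any exception (NameError, TypeError, ImportError, ...) counts as blocked;
    the exact error type for a missing builtin varies between CPython versions.
    """
    reachable = set()
    for name, snippet in PROBES.items():
        env = dict(globals_dict)  # fresh copy, so probes cannot see each other
        try:
            exec(snippet, env)
        except Exception:
            continue
        if "found" in env:
            reachable.add(name)
    return reachable


def restricted_builtins(allowed=("len", "range", "str", "int")):
    """A whitelist builtins dict with __import__ replaced by a refusing stub
    (the "replace __import__" step from the reply). Hypothetical helper."""
    safe = {name: getattr(builtins, name) for name in allowed}

    def refuse_import(name, *args, **kwargs):
        raise ImportError("imports are disabled in this sandbox")

    safe["__import__"] = refuse_import
    return {"__builtins__": safe}


if __name__ == "__main__":
    print("default builtins :", sorted(audit_sandbox({})))
    print("__builtins__=None:", sorted(audit_sandbox({"__builtins__": None})))
    print("whitelist        :", sorted(audit_sandbox(restricted_builtins())))
```

Even the whitelist variant reports __subclasses__ as reachable, which is why the reply says that hole cannot be closed from Python code alone.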
