Restricted Access
Diez B. Roggisch
deets at nospam.web.de
Tue Jul 11 11:26:01 EDT 2006
iapain wrote:
>
>> my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))
>
> Thats really smart way, yeah i had plan to scan and detect but I think
> its not gonna work.
>
>> Creating a restricted execution environment is *hard*. As far as I know,
>> even Microsoft has never attempted it. And for all of Sun's resources and
>> talent, security holes are sometimes found even in Java.
>
> Does that mean there is no way to implement restricted enviorment?
In a nutshell: yes, especially if not designed from ground up that way. If
you need it, the best thing to do is to put some distance between your code
and the possibly malicious one, using some RPC.
Diez
More information about the Python-list
mailing list