Restricted Access

Steven D'Aprano steve at REMOVETHIScyber.com.au
Tue Jul 11 10:33:45 EDT 2006


On Tue, 11 Jul 2006 06:21:39 -0700, iapain wrote:

>> unless you're willing to build a restricted runtime that runs on top of the core
>> interpreter, you should assume that anyone writing a Python script that's executed by
>> your program has access to everything that your Python process has access to...
> 
> I think using replacements I can ban at least OS module and about files,

How are you planning on banning the module? Are you thinking about using
source code scanning to detect risky code?

What about modules which export os? It's one thing to "ban" os, but
did you remember to ban glob.os? How about site.os? And netrc.os? And and
and and...

What about this line of code?

my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))


Creating a restricted execution environment is *hard*. As far as I know,
even Microsoft has never attempted it. And for all of Sun's resources and
talent, security holes are sometimes found even in Java.



-- 
Steven
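
The point made in the message above, as an added example that is not part of the original post: a source scanner that bans literal imports of os is run against three constructed submissions, and each submission is then executed to see whether it still obtained the os module. The names naive_scan, reexporters, evaluate and SAMPLES are hypothetical, chosen for this illustration.

```python
import ast
import importlib
import os

BANNED = {"os"}  # the denylist the quoted poster wants to enforce

def naive_scan(source):
    """Source scanner: report only literal imports of a banned module."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            hits += [a.name for a in node.names if a.name.split(".")[0] in BANNED]
        elif isinstance(node, ast.ImportFrom) and node.module:
            if node.module.split(".")[0] in BANNED:
                hits.append(node.module)
    return hits

def reexporters(names):
    """Which of these modules expose the real os module as an attribute?"""
    found = []
    for name in names:
        try:
            mod = importlib.import_module(name)
        except ImportError:
            continue
        if getattr(mod, "os", None) is os:
            found.append(name)
    return found

# Constructed sample submissions; the last one is the line quoted in the post.
SAMPLES = {
    "literal": "import os\n",
    "reexport": "import glob\nm = glob.os\n",
    "computed": "m = __import__(''.join([chr(110+x) for x in [1, 5]]))\n",
}

def evaluate():
    """Map sample name -> (scanner flagged it, code obtained the os module)."""
    results = {}
    for label, src in SAMPLES.items():
        namespace = {}
        exec(src, namespace)  # samples only import; nothing else runs
        reached = any(v is os for v in namespace.values())
        results[label] = (bool(naive_scan(src)), reached)
    return results

if __name__ == "__main__":
    print(reexporters(["glob", "site", "netrc"]))
    for label, outcome in evaluate().items():
        print(label, outcome)
```

Only the literal import is flagged; the other two submissions reach the same module object without the scanner noticing.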



