Secure Python
timmy
timothy at open-networks.net
Thu Nov 16 19:11:38 EST 2006
Diez B. Roggisch wrote:
>>as posted before, linux kernel limit.
>>
>>then you and your users can go as crazy as you want and you won't take
>>out your system.
>>
>>maybe you should think a little more before going on the attack like that.
>
>
> You should maybe read a little bit more when making bold statements about
> the feasibility of a sandboxed _PYTHON_. The OP wrote:
>
there is nothing preventing you putting limits on the resources each
process uses, on just about any modern day OS
> At least to me - and I presume pretty much everybody except you in this
> thread -
Oh no i understand perfectly what he wants, i merely suggest a simple OS
based solution.
> this means that he is interested in executing arbitrary pieces of
> python code inside the interpreter, which comes from e.g. players who
> customize their in-game behavior of their avatars.
>
> Now how exactly does linux (or any other resource limiting technique on any
> OS) help here - killing the whole game server surely isn't a desirable
> solution when one player goes berserk, might it be intentionally or not.
resource management does not kill anything it merely prevents one process
running away and consuming the whole server. this is EXACTLY what he is
afraid of.
if he intends on running arbitrary code then i suggest he spawns each
one as a separate thread with a specific name and merely set limits on all
processes named X. that way he can run any whacky code he wants safely
inside those processes without fear of any one of them crashing the
server. I know it can be done under any of the nix's, I'm not sure how
to do so under windows, but it could probably be done.
>
> It is a recurring and pretty much understandable request on c.l.py to be
> able to do so - sometimes it arises in the disguise of killable threads.
> But unfortunately the solution doesn't seem to be as simple as one would
> wish.
i can understand people wanting an application based cross platform
solution to this, but i'm yet to see anything practical hence i suggest
an OS based solution.
>
> Diez
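
An added example, not part of the original message or thread: one way to apply the per-process OS limits discussed above on Linux, running each untrusted script in its own interpreter process so that a runaway script is stopped while the parent keeps running. The function names, limit values and sample scripts are assumptions made for this illustration.

```python
import resource
import subprocess
import sys

CPU_SECONDS = 1                   # constructed value: CPU time allowed per script
MEMORY_BYTES = 512 * 1024 * 1024  # constructed value: address space per script

def _cap(res, value):
    # Set soft == hard so the child cannot raise the limit again, and never
    # ask for more than the hard limit this process already runs under.
    hard = resource.getrlimit(res)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))

def _limit_child():
    # Runs in the child between fork() and exec(): the parent stays unlimited.
    # Reaching the hard CPU limit means SIGKILL, which the script cannot
    # catch; SIGXCPU at a lower soft limit could be ignored by the script.
    _cap(resource.RLIMIT_CPU, CPU_SECONDS)
    _cap(resource.RLIMIT_AS, MEMORY_BYTES)

def run_limited(source, wall_timeout=10):
    """Run `source` in its own interpreter; return (outcome, detail, stdout)."""
    proc = subprocess.Popen(
        [sys.executable, "-I", "-c", source],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
        preexec_fn=_limit_child, text=True)
    try:
        out, _ = proc.communicate(timeout=wall_timeout)
    except subprocess.TimeoutExpired:   # a sleeping script uses no CPU time
        proc.kill()
        out, _ = proc.communicate()
        return ("timeout", wall_timeout, out)
    if proc.returncode < 0:             # negative code: ended by a signal
        return ("killed", -proc.returncode, out)
    return ("exit", proc.returncode, out)

if __name__ == "__main__":
    samples = {                         # constructed player scripts
        "well-behaved": "print(2 + 2)",
        "busy loop": "while True: pass",
        "memory hog": "x = bytearray(2 * 1024**3)",
    }
    for name, src in samples.items():
        print(name, "->", run_limited(src)[:2])
    print("parent still running")
```

These limits bound CPU time and memory only; they do not restrict which files or sockets a script can open.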