Secure Python
Steve Holden
steve at holdenweb.com
Fri Nov 17 10:08:35 EST 2006
Hendrik van Rooyen wrote:
> "Stephan Kuhagen" <nospam at domain.tld> wrote:
>
>
>> The problem with linux kernel limits are, that they won't work really good
>> on MacOSX and Windows... OTOH the idea is the right one, but the effect can
>> be achieved inside of Python. Since Python does byte compile the code and
>> the interpreter evaluates each byte code token in one evaluation step. The
>> interpreter could be extended for such usecases to count and limit the
>> number of evaluation steps allowed for untrusted script or methods in
>> untrusted script as well as to limit the recursion depth or memory to be
>> allocated. All those limits are managed by the interpreter for script code
>> and hence can be limited for untrusted code by the interpreter. This also
>> does not really make DoS impossible (what about C extensions? - maybe
>> restricting "import"?). - As I said before in this thread, making a sandbox
>> really secure is a hard job, and may need some serious changes in the
>> Python interpreter, but AFAIK from Tcl, it is possible - and would be nice
>> to have.
>
> I seem to recall previous discussion on this group about a thing called the
> bastion module,
> and that it was deprecated. Not sure if it has any relevance.
>
Anyone with an interest in secure Python should take a look at what
Brett Cannon is doing in his postgraduate work. There have been some
discussions on the python-dev list.
regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://holdenweb.blogspot.com
Recent Ramblings http://del.icio.us/steve.holden
More information about the Python-list
mailing list