Chroot Jail Not Secure for Sandboxing Python?
Paul Boddie
paul at boddie.org.uk
Tue Jul 3 19:03:27 EDT 2007
Paul Boddie wrote:
>
[chroot "jail" solutions]
> I don't have the details with me now, but I'll probably upload the
> code in the near future and post some kind of explanation of what it
> does here.
I've now uploaded the code to the Python Package Index:
http://www.python.org/pypi/jailtools
It's a bit unpolished and anyone wanting to experiment with it should
look at the code to see, for example, what each of the test programs
does. I do *not* claim that this is a secure solution: it's an
experiment where a Python process is started with access only to a set
of "approved" modules, whose identity becomes that of a particular
user, and whose environment is that of a chroot "jail", with
"sandboxed" code only then being executed inside that environment.
Anyone looking for something to deploy as a solution should look
elsewhere.
Paul
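
An added illustration, not part of the original post and not jailtools' own code, of the sequence the post describes: a privileged Python process enters a chroot "jail", takes on an unprivileged user's identity, and only then runs the sandboxed code. The names `enter_jail`, `run_jailed`, `JailError` and the `ops` parameter are hypothetical, and the jail directory is assumed to be already populated with the approved modules.

```python
import os

class JailError(RuntimeError):
    """Raised when the jail cannot be entered safely."""

def enter_jail(jail_dir, uid, gid, ops=os):
    """chroot into jail_dir, then drop to uid/gid for good. Needs root.

    ops defaults to the os module; a stand-in with the same functions
    can be passed to exercise the logic without privileges.
    """
    if uid == 0 or gid == 0:
        raise JailError("refusing to run jailed code as root")
    if ops.geteuid() != 0:
        raise JailError("chroot() needs root; start privileged, then drop")
    # 1. Change root while privileged, then chdir so the working
    #    directory is not left pointing outside the jail.
    ops.chroot(jail_dir)
    ops.chdir("/")
    # 2. Shed supplementary groups, then gid, then uid. setuid() goes
    #    last: once it succeeds the group calls are no longer permitted.
    ops.setgroups([])
    ops.setgid(gid)
    ops.setuid(uid)
    # 3. Confirm the drop cannot be undone before running anything.
    try:
        ops.setuid(0)
    except OSError:
        pass
    else:
        raise JailError("root could be regained after setuid()")
    if 0 in (ops.getuid(), ops.geteuid(), ops.getgid(), ops.getegid()):
        raise JailError("process still holds a root id")

def run_jailed(jail_dir, uid, gid, func):
    """Fork, jail the child, run func() there; return its exit code."""
    pid = os.fork()
    if pid == 0:
        status = 1
        try:
            enter_jail(jail_dir, uid, gid)
            func()
            status = 0
        finally:
            os._exit(status)  # never fall back into the parent's code
    return os.waitstatus_to_exitcode(os.waitpid(pid, 0)[1])
```

Inside the jail, `func` can import only modules that were loaded before the chroot or that exist under `jail_dir`.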