Secured CPython interpreter in embedded situations

Brett C. bcannon at gmail.com
Wed Jun 20 21:52:52 EDT 2007


I have been working on making Python a secure interpreter to run when
embedded in terms of resources with an object representation (e.g.,
files but not memory or CPU).  To save myself from repeating myself
and missing some details of exactly what I have done I am going to
point to a post to my Python blog (and I have replied to people in the
comments so if you have a question it may have been answered there):
http://sayspy.blogspot.com/2007/05/i-have-finished-securing-python.html
.

With no one having told me they have found a hole in the design I am
ready to make a wider announcement here.  If you have a use for a
secured CPython interpreter then please have a look (although the work
generalizes to the language, I implemented it in CPython since that is
what I know best).  This work is not about replacing rexec, though!
It secures the entire interpreter and is not about running some Python
code at a higher privilege level than some other code.

If you manage to check out the code and get it to run, let me know (I
have one report of someone getting it to compile but erroring out
immediately but I can't reproduce it as it still works for me after a
``make distclean``).  And if you do manage to break the security model
(manage to open a file, import a module that is not whitelisted,
etc.), then PLEASE let me know!  If the work holds up I will make an
announcement in c.l.py.a and then start the process to get my changes
into the trunk so that you don't need to use a branch.

Thanks in advance to anyone who gives the code a whirl.

-Brett



