Bastion/rexec use cases?

Paul Boddie paul at boddie.org.uk
Mon May 7 08:34:40 EDT 2007


On 7 May, 14:01, Duncan Booth <duncan.bo... at invalid.invalid> wrote:
> Paul Miller <neokos... at gmail.com> wrote:
> > Bastion and rexec have been deprecated since Python 2.2, so it seems
> > we (the Python community) have gotten along well enough without them.
> > Have these modules not been reimplemented because:
>
> > a) There are no valid use cases for them.
> > b) Doing so would be difficult and prone to breakage as new features
> > are introduced into the language.
> > c) Nobody has any idea how to do it.
> > d) Nobody cares.
> > e) Guido thinks it's a bad idea.
>
> > or, some combination of these?
>
> I think it is mostly 'b' plus partly nobody cares sufficiently to put the
> time, money and effort behind it.

I'd agree with this, adding that (c) is increasingly starting to apply
to CPython as new features make any potential sandboxing strategy less
coherent. Brett Cannon appears to be tackling this situation head-on,
however.

> The recent release of Silverlight means that there is now a way to run
> Python in a secure sandbox.

Also possible with Jython for a long time, I believe. Meanwhile,
others (including non-Python developers) have turned to other kinds of
solutions including virtualisation at different levels. See this page
for more discussion:

http://wiki.python.org/moin/SandboxedPython

I've experimented somewhat with a chroot-based solution, although I'm
reluctant to make it available because of an uncertainty as to whether
it really offers proper "jailing" of the executed code, along with
concerns that people may consider it secure without doing their own
homework on the matter. Ideally, I'd want to trim the Python
interpreter right down to the very basic virtual machine (without I/O)
and then build the different extensions back on in a security-oriented
framework, but I guess this is what Mr Cannon has in mind.

Paul



