securing a python execution environment...
Giles Brown
giles_brown at hotmail.com
Mon Nov 19 09:01:28 EST 2007
On 19 Nov, 11:16, Chris Withers <ch... at simplistix.co.uk> wrote:
> Hi All,
>
> I'm trying to build a secure execution environment for bits of python
> for two reasons:
>
> - to allow users of the system to write scripts in python without
> circumventing the application's security model
>
> - to allow the system to have an environment where security is handled
> without having to do explicit checks in every piece of example code.
>
> This second point is better demonstrated by an example:
>
> Bad:
>
> >>> from security import check,AccessDenied
> >>> if check(someobj,'someattr'):
> >>> print someattr
> >>> else:
> >>> raise AccessDenied("can't access 'someattr')
> Traceback (most recent call last):
> File "<stdin>", line ?, in ?
> AccessDenied: can't access 'someattr'
>
> Good:
>
> >>> someobj.someattr
> Traceback (most recent call last):
> File "<stdin>", line ?, in ?
> AccessDenied: can't access 'someattr'
>
> Now, I think I can get a lot of this from Zope 3's security proxy
> objects, however I need to find a way to limit the importing of modules
> to, for example, prevent people importing the method that unwraps the
> proxy objects ;-)
>
> Have other people bumped into this problem?
> What solutions do people recommend?
>
> cheers,
>
> Chris
>
> --
> Simplistix - Content Management, Zope & Python Consulting
> -http://www.simplistix.co.uk
Maybe this is of interest?
http://codespeak.net/pypy/dist/pypy/doc/sandbox.html
More information about the Python-list
mailing list