Executing untrusted scripts in a sandboxed environment
Ramchandra Apte
maniandram01 at gmail.com
Sat Oct 6 05:10:20 EDT 2012
On Saturday, 6 October 2012 12:49:29 UTC+5:30, Chris Angelico wrote:
> On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl <me at robin-krahl.de> wrote:
> > Hi all,
> >
> > I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are "flagged" or "approved" for scripting.
> >
> > I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to "embed" a script engine in a sandboxed environment that has access to the Python modules and classes that I provide?
>
> With extreme difficulty. A while back (couple years maybe? I don't
> remember), I ignored everyone's warnings and tried to make a sandboxed
> Python, embedded in a C++ application. It failed in sandboxing. With
> just some trivial tinkering using Python's introspection facilities, a
> couple of python-list people managed to read and write files, and
> other equally dangerous actions. Shortly thereafter, we solved the
> problem completely... by switching to JavaScript.
>
> Embedding CPython in an application simply doesn't afford sandboxing.
> To what extent do you actually need to run untrusted Python? Can you,
> for instance, sandbox the entire process (which wasn't an option for
> what we were doing)? Perhaps chrooting the Python interpreter will do
> what you need. But there may still be leaks, I don't know.
>
> ChrisA
Something like ast.literal_eval may be useful.
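The suggestion above covers the case where the "script" is really just data: ast.literal_eval only accepts literal syntax (numbers, strings, tuples, lists, dicts, sets, booleans, None), so names, attribute access and calls are rejected before anything runs, but it is not a sandbox for executing code. The following wrapper is an added example, not code from the thread or from CPython; the length cap, the UntrustedInput exception and the helper names are constructed for illustration, and the caught exception set follows the Python docs' warning that sufficiently large or deeply nested input can exhaust the parser.

```python
import ast

MAX_INPUT_LEN = 4096  # constructed limit: reject oversized untrusted input up front


class UntrustedInput(ValueError):
    """Raised when untrusted text is not a plain, bounded literal."""


def parse_literal(text, max_len=MAX_INPUT_LEN):
    """Parse untrusted text as a Python literal; return plain data or raise.

    Only literal structures are accepted; anything that would name a
    variable, touch an attribute or call a function is rejected by
    ast.literal_eval itself, so no user-controlled code is executed.
    """
    if not isinstance(text, str):
        raise UntrustedInput("expected text, got %s" % type(text).__name__)
    if len(text) > max_len:
        raise UntrustedInput("input exceeds %d characters" % max_len)
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError, RecursionError, MemoryError) as exc:
        # ValueError/SyntaxError: not a literal; TypeError: e.g. unhashable dict key;
        # RecursionError/MemoryError: pathological nesting that overwhelms the parser.
        raise UntrustedInput("not a plain literal: %s" % type(exc).__name__) from None


def accepts(text):
    """True if parse_literal would accept the text, False otherwise."""
    try:
        parse_literal(text)
    except UntrustedInput:
        return False
    return True


if __name__ == "__main__":
    # Constructed samples: a data-only config string versus things that
    # would read files, import modules, or blow up the parser.
    print(parse_literal("{'name': 'job1', 'tags': ['a', 'b'], 'retries': 3}"))
    for bad in ["open('/etc/passwd').read()", "__import__('os')", "[1, 2",
                "[" * 500 + "]" * 500]:
        print(repr(bad[:40]), "->", accepts(bad))
```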