Reg secure python environment with web terminal emulator
Lakshmipathi.G
lakshmipathi.g at gmail.com
Wed Aug 7 05:15:44 EDT 2013
Hi -
Thanks for the response. Yes, we used OS features to
restrict the system user accounts.
We don't allow gcc - this helped us to avoid kernel exploits via C code like :
https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=42827&forum=59
https://bugzilla.redhat.com/show_bug.cgi?id=962792
We are concerned whether user may try C exploits via Python code and break the
system. What's the minimal python set-up you would suggest? I'm
thinking something like:
1- Uninstall python-devel packages
2- Remove easy_install or pip (any such install utilities)
3- Keep only very basic modules under /usr/lib/python<>/site-packages
and delete the others.
Thanks.
--
----
Cheers,
Lakshmipathi.G
FOSS Programmer.
www.giis.co.in
On Wed, Aug 7, 2013 at 11:35 AM, dieter <dieter at handshake.de> wrote:
> "Lakshmipathi.G" <lakshmipathi.g at gmail.com> writes:
>
>> We have a server running a web-based terminal emulator (based on shellinabox
>> for screen-casting check www.webminal.org) that allows users to learn
>> simple bash commands. This Linux environment secured by things like quota,
>> selinux,ulimit etc
>>
>> Now some users are requesting python access. How to ensure python is executed
>> in a restricted environment. I came across
>> http://docs.python.org/2/library/restricted.html
>> but it seems like disabled in 2.3. Any thoughts on how we can safely
>> provide python access
>> to users.
>
> When you are satisfied with the protection you have achieved
> for bash commands, those same protection might be sufficient
> for Python as well. I assume that you used operating system
> facilities to restrict what the (system) user can do on the
> operating system level: the same restriction would apply to the
> (same) user executing Python code.
>
> --
> http://mail.python.org/mailman/listinfo/python-list
More information about the Python-list
mailing list