[Chicago] built app to auto-generate UI for scripts.

Carl Karsten carl at personnelware.com
Wed Jul 23 00:55:24 CEST 2014


What makes Python great is that you can do really powerful stuff pretty
easily.

Too bad, cuz you don't want that here.

Here is a smart person talking about it.
http://pyvideo.org/video/2585/building-and-breaking-a-python-sandbox




On Tue, Jul 15, 2014 at 3:17 PM, Paul Katsen <pkpp1233 at gmail.com> wrote:

> Setting up rate limit today. Right now the container just times out. And
> you're right, container being taken down is no problem b/c I'm running one
> for each script. There has to be a secure way to pull this off.
>
> Right now you have to sign up to publish, but you can run code
> unrestricted. Just testing if quickly publishing scripts is valuable at all.
>
>
> On Tue, Jul 15, 2014 at 2:14 PM, Japhy Bartlett <japhy at pearachute.com>
> wrote:
>
>> The last I heard this was just a Bad Idea, from python-dev back in the
>> day:
>>
>> http://lwn.net/Articles/321872/
>>
>>
>> I guess since Docker is pretty ephemeral you can live with a container
>> being taken down. Regularly nuke them and rebuild to keep malware out.
>> Rate limit new creations and CPU/memory usage somehow?
>>
>> Definitely check your firewalls to keep anyone from launching spam or
>> DDoS attacks from your servers.
>>
>> This just seems like a massive liability, not sure how Coursera or anyone
>> is getting away with it.  Is it restricted to verified users somehow?
>>
>>
>> On Tue, Jul 15, 2014 at 1:39 PM, Joe Germuska <joe at germuska.com> wrote:
>>
>>> Hey, Paul:
>>>
>>> I don’t have direct experience, but see
>>> https://wiki.python.org/moin/SandboxedPython
>>> and
>>>
>>> https://wiki.python.org/moin/Asking%20for%20Help/How%20can%20I%20run%20an%20untrusted%20Python%20script%20safely%20%28i.e.%20Sandbox%29
>>>
>>> Joe
>>>
>>> On Jul 15, 2014, at 1:33 PM, Paul Katsen <pkpp1233 at gmail.com> wrote:
>>>
>>> Any advice on how to sandbox even more? I know sites like Udacity and
>>> Coursera are running arbitrary code too.
>>>
>>>
>>> On Tue, Jul 15, 2014 at 1:21 PM, Japhy Bartlett <japhy at pearachute.com>
>>> wrote:
>>>
>>>> You're kind of sandboxed at least because you're running in docker, but
>>>> this is very vulnerable to malicious code!
>>>>
>>>> import subprocess
>>>> subprocess.call('whoami')
>>>>
>>>>
>>>> > root
>>>>
>>>>
>>>> On Tue, Jul 15, 2014 at 1:06 PM, Paul Katsen <pkpp1233 at gmail.com>
>>>> wrote:
>>>>
>>>>> Hey y'all.
>>>>>
>>>>> I kept needing to teach non-engineers how to use the terminal to run
>>>>> scripts. Decided to just hack up a site last week where you can copy/paste
>>>>> your script in, select inputs for your script, and you get a shareable link
>>>>> to run your code.
>>>>>
>>>>> Check it out - would love your feedback:
>>>>> https://python.blockspring.com/.
>>>>>
>>>>>  -Paul
>>>>>
>>>>> _______________________________________________
>>>>> Chicago mailing list
>>>>> Chicago at python.org
>>>>> https://mail.python.org/mailman/listinfo/chicago
>>>>>
>>>>>
>>>>
>>> --
>>> Joe Germuska
>>> Joe at Germuska.com * http://blog.germuska.com *
>>> http://twitter.com/JoeGermuska
>>>
>>> "Learn to fear any church that fears drums." --Regie Gibson


-- 
Carl K
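
Added example, not part of the thread or of any poster's code: one way to apply the CPU/memory limits and the non-root execution discussed above to each submitted script, as a layer inside the container rather than a replacement for it. The names `run_untrusted` and `_cap`, the limit values and the `drop_to_uid` parameter are assumptions for illustration; it relies on POSIX `setrlimit` and was written with Linux in mind.

```python
import os
import resource
import subprocess
import sys

def _cap(res, value):
    """Set soft and hard limit to `value`, never above the inherited hard limit."""
    hard = resource.getrlimit(res)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))

def run_untrusted(code, cpu_seconds=1, mem_bytes=512 * 2**20,
                  wall_seconds=5, drop_to_uid=None):
    """Run `code` in a child interpreter under kernel-enforced limits.

    Returns (returncode, stdout, stderr); returncode is None on wall timeout
    and negative when the kernel killed the child with a signal.
    All names and limit values here are illustrative assumptions.
    """
    def confine():  # runs in the child between fork() and exec()
        _cap(resource.RLIMIT_CPU, cpu_seconds)   # busy loops
        _cap(resource.RLIMIT_AS, mem_bytes)      # memory bombs
        _cap(resource.RLIMIT_FSIZE, 2**20)       # disk filling
        _cap(resource.RLIMIT_CORE, 0)            # no core dumps
        if drop_to_uid is not None:              # needs a root runner
            os.setgroups([])
            os.setgid(drop_to_uid)
            os.setuid(drop_to_uid)               # last: cannot be undone

    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-"],         # isolated mode, script on stdin
            input=code, capture_output=True, text=True,
            timeout=wall_seconds, preexec_fn=confine,
            env={}, cwd="/", start_new_session=True)
    except subprocess.TimeoutExpired:
        return None, "", "wall-clock timeout"
    return proc.returncode, proc.stdout, proc.stderr

if __name__ == "__main__":
    # Constructed sample scripts: a normal one, a CPU hog, a memory hog.
    for src in ("print(6 * 7)", "while True: pass", "bytearray(10**9)"):
        rc, out, err = run_untrusted(src)
        last = (err.strip().splitlines() or [""])[-1]
        print(repr(src), "->", rc, out.strip(), last)
```

These limits bound what one script can consume; they do not restrict network access or the filesystem, which still has to be handled at the container and firewall level as the thread suggests.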