Securing the Pyton Interpreter?
Stephen VanDahm
usenet at fomps.net
Tue Jul 15 09:24:53 EDT 2003
In article <yu99he5ogdnx.fsf at tinker.research.att.com>, Andrew Koenig wrote:
> Stephen> I'm looking for a way to install Python on a UNIX machine in
> Stephen> a way such that any user on the system can use it, but only
> Stephen> to execute scripts that are located in a certain directory.
>
> Why? If I were a user on that machine and wanted to execute Python
> scripts in a different directory, how would you stop me from installing
> Python on my own and using it for those scripts?
>
Andrew,
I'm a member of a Public Access UNIX system. Some users on the system are
allowed to use development tools (like Python) and other aren't. Also,
some users are allowed to install software that they've written into a
publically accessible area so that everyone on the system can use it. The
problem is that if the software is written in a language like Python,
regular users won't be able to use the Python interpreter to run it, and
the Python programs that we write won't be very useful. Some of us want
to install a second interpreter that's been secured somewhat so that
people can run our programs without being able to execute arbitrary
Python programs.
You are correct that nothing (in principle) prevents someone from
installing another Python interpreter in $HOME/bin and running whatever
they want. In fact, that's kind of what *we're* doing. But since I
neither make nor enforce the rules, it isn't my problem if other people
try to break them.
Basically, I need to do this for bureaucratic reasons. I know it's a
hack, and that it sounds like a stupid thing to do, but it's the best
available option for us....
Thanks for the reply,
Steve
More information about the Python-list
mailing list