tags:

views:

141

answers:

3

How can I protect my web server, if I run custom users code on server. If any user can submit his python source on my server and run it.

Maybe some modules or linux tools for close any network and hardware activity for this script.

Thank's all for help!

+8  A: 

The concept you're thinking of is sandboxing. Check out the Python wiki page about it:

http://wiki.python.org/moin/SandboxedPython

Amber
A: 

In general, python is not the best language choice if you want to allow the execution of untrusted code. The JVM and .NET have much better support for sandboxing, so Jython and IronPython would be better choices.

mikerobi
Actually -- the safest approach would arguably be to use `seccomp`, which locks down the available system calls to `exit()`, `read()` and `write()` (the latter to already-open file descriptors); this would allow even arbitrary chunks of native binary to be run. However, as Python needs more syscalls than these to operate, it is incompatible with seccomp. I trust seccomp much more than any language- or interpreter-level sandbox, simply because it's simpler, less flexible, and more restrictive.
Charles Duffy
A: 

Check out Utility Mill, to see how Greg Pinero managed this.

Paul McGuire