views:

381

answers:

3

Implementing a 'sandbox' environment in Python used to be done with the rexec module (http://docs.python.org/library/rexec.html). Unfortunately, it has been deprecated/removed due to some security vulnerabilities. Is there an alternative?

My goal is to have Python code execute semi-trusted Python scripts. In a perfect world, calls to any functions outside of a pre-defined set would raise exceptions. From what I've read about rexec's deprecation, this may not be possible. So I'll settle for as much as I can get. I can spawn a separate process to run the scripts, which helps a lot. But they could still abuse I/O or processor/memory resources.

+3  A: 

You might want to provide your own __import__ to prevent inclusion of any modules you deem "abuse I/O or processor/memory resources."

You might want to start with pypy and create your own interpreter with limitations and constraints on resource use.

S.Lott
Providing your own __import__ is a great idea, and is far better than any other solution ever done for sandboxing!
kylebrooks
@kylebrooks: "far better than any other solution" is a bit string. It lets you whitelist (and blacklist) modules, but it doesn't prevent or even detect a process that attempts to "abuse I/O or processor/memory resources."
S.Lott
+1  A: 

in cpython "sandboxing" for security reasons is a: "don't do that at your company kids"-thing.

try :

  • jython with java "sandboxing"
  • pypy -> see Answer S.Lott
  • maybe ironpython has a solution ?

see Warning:

Warning

In Python 2.3 these modules have been disabled due to various known and not readily fixable security holes. The modules are still documented here to help in reading old code that uses the rexec and Bastion modules.

Blauohr
+1  A: 

There is a paper on this : http://people.cs.ubc.ca/~drifty/papers/python_security.pdf

Kevin