views:

314

answers:

6

I understand that letting any anonymous user upload any sort of file in general can be dangerous, especially if it's code. However, I have an idea to let users upload custom AI scripts to my website. I would provide the template so that the user could compete with other AI's in an online web game I wrote in Python. I either need a solution to ensure a user couldn't compromise any other files or inject malicious code via their uploaded script or a solution for client-side execution of the game. Any suggestions? (I'm looking for a solution that will work with my Python scripts)

+1  A: 

Yes.

Allow them to script their client, not your server.

S.Lott
+5  A: 

I am in no way associated with this site and I'm only linking it because it tries to achieve what you are getting after: jailing of python. The site is code pad.

According to the about page it is ran under geordi and traps all sys calls with ptrace. In addition to be chroot'ed they are on a virtual machine with firewalls in place to disallow outbound connections.

Consider it a starting point but I do have to chime in on the whole danger thing. Gotta CYA myself. :)

Colin Burnett
+5  A: 

Using PyPy you can create a python sandbox. The sandbox is a separate and supposedly secure python environment where you can execute their scripts. More info here

http://codespeak.net/pypy/dist/pypy/doc/sandbox.html

"In theory it's impossible to do anything bad or read a random file on the machine from this prompt."

"This is safe to do even if script.py comes from some random untrusted source, e.g. if it is done by an HTTP server."

Dave
Has anyone actually used this? Every time I check up on pypy, its always being developed.
Unknown
I haven't, just read about it.
Dave
+3  A: 

Along with other safeguards, you can also incorporate human review of the code. Assuming part of the experience is reviewing other members' solutions, and everyone is a python developer, don't allow new code to be activated until a certain number of members vote for it. Your users aren't going to approve malicious code.

Walt Gordon Jones
A: 

PyPy is probably a decent bet on the server side as suggested, but I'd look into having your python backend provide well defined APIs and data formats and have the users implement the AI and logic in Javascript so it can run in their browser. So the interaction would look like: For each match/turn/etc, pass data to the browser in a well defined format, provide a javascript template that receives the data and can implement logic, and provide web APIs that can be invoked by the client (browser) to take the desired actions. That way you don't have to worry about security or server power.

Parand
+2  A: 

Have an extensive API for the users and strip all other calls upon upload (such as import statements). Also, strip everything that has anything to do with file i/o.

(You might want to do multiple passes to ensure that you didn't miss anything.)

geowa4
No exec either `exec"imp""ort os"` :)
gnibbler