Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #8163

Re: Security test of embedded Python

Path csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!nx02.iad01.newshosting.com!newshosting.com!news-out.octanews.net!indigo.octanews.net!auth.beige.octanews.com.POSTED!not-for-mail
From Paul Rubin <no.email@nospam.invalid>
Newsgroups comp.lang.python
Subject Re: Security test of embedded Python
References <mailman.258.1308703797.1164.python-list@python.org>
Date Tue, 21 Jun 2011 19:02:03 -0700
Message-ID <7xhb7i7hes.fsf@ruckus.brouhaha.com> (permalink)
Organization Nightsong/Fort GNOX
User-Agent Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux)
Cancel-Lock sha1:hTF+1VQxlFgnuL0ja3Uly+VJZYA=
MIME-Version 1.0
Content-Type text/plain; charset=us-ascii
Lines 15
NNTP-Posting-Date 21 Jun 2011 21:02:03 CDT
X-Complaints-To abuse@octanews.net
Xref x330-a1.tempe.blueboxinc.net comp.lang.python:8163

Show key headers only | View raw

Chris Angelico <rosuav@gmail.com> writes:
> users to supply scripts which will then run on our servers...
> The environment is Python 3.3a0 embedded in C++, running on Linux.

This doesn't sound like a bright idea, given the well-known difficulty
of sandboxing Python.

Geordi <http://weegen.home.xs4all.nl/eelis/geordi/> has some interesting
examples (C++) you might want to try translating to Python and running
on your server.  It uses ptrace to control the execution of potentially
hostile code.  I don't know if any exploits have been found or whether
it's still active.

Maybe you want to look at Lua.  IMHO it's not a very nice language, but
I've heard that it's easy to embed and sandbox.

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Security test of embedded Python Chris Angelico <rosuav@gmail.com> - 2011-06-22 10:49 +1000
  Re: Security test of embedded Python Paul Rubin <no.email@nospam.invalid> - 2011-06-21 19:02 -0700
    Re: Security test of embedded Python Chris Angelico <rosuav@gmail.com> - 2011-06-22 12:35 +1000
      Re: Security test of embedded Python Paul Rubin <no.email@nospam.invalid> - 2011-06-21 19:40 -0700
        Re: Security test of embedded Python Benjamin Kaplan <benjamin.kaplan@case.edu> - 2011-06-21 20:09 -0700
        Re: Security test of embedded Python Chris Angelico <rosuav@gmail.com> - 2011-06-22 13:26 +1000
          Re: Security test of embedded Python Paul Rubin <no.email@nospam.invalid> - 2011-06-21 20:42 -0700
            Re: Security test of embedded Python Dennis <daodennis@gmail.com> - 2011-06-21 22:37 -0700
    Re: Security test of embedded Python Chris Angelico <rosuav@gmail.com> - 2011-06-22 12:44 +1000
      Re: Security test of embedded Python Irmen de Jong <irmen.NOSPAM@xs4all.nl> - 2011-06-22 19:33 +0200

csiph-web