Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #30888
| Path | csiph.com!usenet.pasdenom.info!gegeweb.org!de-l.enfer-du-nord.net!feeder1.enfer-du-nord.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <rodrick.brown@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.001 |
| X-Spam-Evidence | '*H*': 1.00; '*S*': 0.00; 'wiki': 0.03; '[0]': 0.07; 'objects,': 0.07; 'scripts': 0.09; 'python': 0.09; 'runtime': 0.09; 'cc:addr:python-list': 0.10; 'message-id:@unknownmsgid': 0.16; 'oct': 0.16; 'scripting.': 0.16; 'scripts.': 0.16; 'wrote:': 0.17; 'url:moin': 0.17; 'all,': 0.21; 'help.': 0.22; 'cc:2**0': 0.23; 'script': 0.24; 'cc:addr:python.org': 0.25; 'header:In- Reply-To:1': 0.25; 'url:wiki': 0.26; '(see': 0.27; '[1]': 0.27; 'environment.': 0.27; 'question': 0.27; 'authors': 0.27; 'received:209.85.210.46': 0.27; 'environment': 0.29; 'accomplished': 0.29; 'url:mailman': 0.29; 'classes': 0.30; 'url:python': 0.32; 'file': 0.32; 'url:listinfo': 0.32; 'received:google.com': 0.34; 'thanks': 0.34; 'pm,': 0.35; 'received:209.85': 0.35; 'there': 0.35; 'url:org': 0.36; 'modules': 0.36; 'execute': 0.37; 'received:209': 0.37; 'subject:: ': 0.38; 'page': 0.38; 'several': 0.39; 'system.': 0.39; 'url:mail': 0.40; 'think': 0.40; 'your': 0.60 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=references:from:mime-version:in-reply-to:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=fG1rd57nkFgPOKxYDUDrr6yfQZYDYsr7D0+YtdARhJ8=; b=HUZzoVYsOJ5A6/sBkcqEHo0LD0lH50GVPXDDEmD250qA7GPsCbk1cwDC7wDewkm8ka TtPnzkQXt7KSBZCLGiRnG/iZeWDEc2k55nlPJSm0Xf45WiEL7Jq5GkU8SachIXIA/J8T kNNl1PivBzcdjKiddA9utkLY6Wu01gpSPfnHvVhKybMp5g3rhgBfCZvoSprGA1uG5ZW8 mm+hysKLxaIQTfdsosjZdzWS6nodl10oZPLs+cxL7HSvOMtPQfvSiG7IIBPl2uKQN1PI L15bOLTzZRmCe9PwtqUoScds66C1XsoHBwCFkSqEcNGAgGir+NhMzRVCb64p0xLmJhPl YRrw== |
| References | <4hrls608xbax633ej6s1n54j.1349475464556@email.android.com> |
| From | Rodrick Brown <rodrick.brown@gmail.com> |
| Mime-Version | 1.0 (1.0) |
| In-Reply-To | <4hrls608xbax633ej6s1n54j.1349475464556@email.android.com> |
| Date | Sat, 6 Oct 2012 09:25:20 -0400 |
| Subject | Re: Executing untrusted scripts in a sandboxed environment |
| To | Robin Krahl <me@robin-krahl.de> |
| Content-Type | text/plain; charset=ISO-8859-1 |
| Content-Transfer-Encoding | quoted-printable |
| Cc | "python-list@python.org" <python-list@python.org> |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.1901.1349529925.27098.python-list@python.org> (permalink) |
| Lines | 29 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1349529925 news.xs4all.nl 6900 [2001:888:2000:d::a6]:42586 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:30888 |
Show key headers only | View raw
On Oct 5, 2012, at 6:32 PM, Robin Krahl <me@robin-krahl.de> wrote: > Hi all, > > I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are "flagged" or "approved" for scripting. > > I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to "embed" a script engine in a sandboxed environment that has access to the Python modules and classes that I provide? Checkout udacity.com I think there is a writeup on stackoverflow on how they accomplished their sandbox runtime env. > > Thanks for your help. > > Best regards, > Robin > > [0] http://wiki.python.org/moin/SandboxedPython > [1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python > -- > http://mail.python.org/mailman/listinfo/python-list
Back to comp.lang.python | Previous | Next | Find similar | Unroll thread
Re: Executing untrusted scripts in a sandboxed environment Rodrick Brown <rodrick.brown@gmail.com> - 2012-10-06 09:25 -0400
csiph-web