Security test of embedded Python

Path	csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!feeder.news-service.com!feeder1.cambriumusenet.nl!feed.tweaknews.nl!194.109.133.85.MISMATCH!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path	<rosuav@gmail.com>
X-Original-To	python-list@python.org
Delivered-To	python-list@mail.python.org
X-Spam-Status	OK 0.011
X-Spam-Evidence	'H': 0.98; 'S': 0.00; 'scripting': 0.05; 'subject:test': 0.05; 'subject:Python': 0.06; 'c++,': 0.07; 'end,': 0.07; 'names.': 0.07; 'python': 0.08; 'bug,': 0.09; 'linux.': 0.09; 'scripts': 0.10; 'received:209.85.214.174': 0.14; 'received:mail-iw0-f174.google.com': 0.14; 'angelico': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'hammer': 0.16; 'nat': 0.16; 'subject:embedded': 0.16; 'url:8000': 0.16; 'thanks!': 0.16; 'have,': 0.17; 'language,': 0.17; "aren't": 0.22; 'right.': 0.22; "i'm": 0.27; 'message-id:@mail.gmail.com': 0.28; 'knowing': 0.28; 'received:209.85.214': 0.28; '"python"': 0.30; '(so': 0.30; 'bugs.': 0.30; 'compromise': 0.30; 'servers.': 0.30; 'url:non-standard http port': 0.30; 'environment': 0.30; 'to:addr:python-list': 0.33; 'things': 0.33; 'chris': 0.34; 'forwarded': 0.35; 'test': 0.35; 'actual': 0.36; 'running': 0.37; 'received:google.com': 0.37; 'received:209.85': 0.37; 'bother': 0.37; 'pretty': 0.37; 'run': 0.38; 'but': 0.38; 'called': 0.39; 'received:209': 0.39; 'flexibility': 0.39; 'launch': 0.39; 'goes': 0.39; 'to:addr:python.org': 0.39; 'allows': 0.40; 'really': 0.40; 'human': 0.62; 'full': 0.63; 'world': 0.63; 'our': 0.63; 'please,': 0.64; 'simple,': 0.65; 'construction': 0.65; 'assistance': 0.66; 'here': 0.66; 'prove': 0.68; 'supply': 0.69; 'offer': 0.71; 'offering': 0.73; 'risk': 0.75; 'computers.': 0.84; 'imagination': 0.84; 'submission:': 0.93; 'subject:Security': 0.97
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:date:message-id:subject:from:to :content-type; bh=o0HQhOJepNBtQ/2wZ3BbTX633L1wXDha8G0KlZaC6uc=; b=WycorkkEZ68hjWc30PSkTMtw6QOKViGnGFOxdjGq2emuLSCNPRsZePQZrfETsgOF7S Cj/L7/9M4x5IWUFm32moQVEvA9INC8gA7Idj+FE2VRtPADlkWZas0b3WxcxPmLkJxQhL Elquh9KMdYPWFkAxa67bwSkXEBKzMZbJ7sPlM=
DomainKey-Signature	a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=YyfRQTXbjLTrqWGET91fl/yr1Q/ltgetxonNLeehvwYNduYwzQlren1TAiaqKem3am 8U3FOJIyH37qAsU1qE/hrRwU9DTxj3ua2e5n2VsbTZfQhHGEQg/LBA0UJ0yXYCobL9sA fZfp1ssIVyfEr3tCJcSVuxtSgX0HrM2++laJo=
MIME-Version	1.0
Date	Wed, 22 Jun 2011 10:49:52 +1000
Subject	Security test of embedded Python
From	Chris Angelico <rosuav@gmail.com>
To	python-list@python.org
Content-Type	text/plain; charset=ISO-8859-1
X-BeenThere	python-list@python.org
X-Mailman-Version	2.1.12
Precedence	list
List-Id	General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe	<http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive	<http://mail.python.org/pipermail/python-list>
List-Post	<mailto:python-list@python.org>
List-Help	<mailto:python-list-request@python.org?subject=help>
List-Subscribe	<http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups	comp.lang.python
Message-ID	<mailman.258.1308703797.1164.python-list@python.org> (permalink)
Lines	28
NNTP-Posting-Host	82.94.164.166
X-Trace	1308703798 news.xs4all.nl 49047 [::ffff:82.94.164.166]:55420
X-Complaints-To	abuse@xs4all.nl
Xref	x330-a1.tempe.blueboxinc.net comp.lang.python:8154

Show key headers only | View raw

I'm involved in the construction of an environment that allows end
users to supply scripts which will then run on our servers. We need to
be able to offer the full flexibility of a scripting language, but
without the risk of compromise to our computers. To that end, we have
set up a system with pretty much the same facilities as our live
system will have, and are offering this to the world to hammer on -
and requesting the world's assistance in hunting down bugs.

The environment is Python 3.3a0 embedded in C++, running on Linux.
It's currently home-hosted to keep things simple, with only one port
forwarded to it from our NAT router (so don't bother port scanning,
you aren't looking at Monty).

And yes, that's right. I have no imagination when it comes to names.
Our test box really is called Monty. And to sign up for our forums,
you'll need to prove you're a human by knowing that the name "Python"
goes with "Monty".

Launch page: http://www.pythontest.com/
PHPBB forum: http://www.pythontest.com/forum/
  (feedback here please, no need to clutter the python-list)
Actual thing to whump into submission: http://www.pythontest.com:8000/

Find a bug, get noted as a contributor! :)

Thanks!

Chris Angelico

Back to comp.lang.python | Previous | Next — Next in thread | Find similar | Unroll thread

Thread

Security test of embedded Python Chris Angelico <rosuav@gmail.com> - 2011-06-22 10:49 +1000
  Re: Security test of embedded Python Paul Rubin <no.email@nospam.invalid> - 2011-06-21 19:02 -0700
    Re: Security test of embedded Python Chris Angelico <rosuav@gmail.com> - 2011-06-22 12:35 +1000
      Re: Security test of embedded Python Paul Rubin <no.email@nospam.invalid> - 2011-06-21 19:40 -0700
        Re: Security test of embedded Python Benjamin Kaplan <benjamin.kaplan@case.edu> - 2011-06-21 20:09 -0700
        Re: Security test of embedded Python Chris Angelico <rosuav@gmail.com> - 2011-06-22 13:26 +1000
          Re: Security test of embedded Python Paul Rubin <no.email@nospam.invalid> - 2011-06-21 20:42 -0700
            Re: Security test of embedded Python Dennis <daodennis@gmail.com> - 2011-06-21 22:37 -0700
    Re: Security test of embedded Python Chris Angelico <rosuav@gmail.com> - 2011-06-22 12:44 +1000
      Re: Security test of embedded Python Irmen de Jong <irmen.NOSPAM@xs4all.nl> - 2011-06-22 19:33 +0200

csiph-web