Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!news.albasani.net!feeder.news-service.com!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <rosuav@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.000
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'wed,': 0.03; 'python.': 0.04; 'subject:test': 0.05; 'subject:Python': 0.06; 'c++,': 0.07; 'python': 0.08; 'linux.': 0.09; 'syntax.': 0.09; 'pm,': 0.10; 'scripts': 0.10; 'examples': 0.12; 'wrote:': 0.14; 'angelico': 0.16; 'embed': 0.16; 'exploits': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'obvious.': 0.16; 'subject:embedded': 0.16; 'url:xs4all': 0.16; 'great.': 0.16; 'language,': 0.17; 'language': 0.18; 'thanks,': 0.19; 'writes:': 0.19; 'header:In-Reply-To:1': 0.21; 'sound': 0.22; 'code.': 0.22; 'maybe': 0.23; 'active.': 0.23; 'received:209.85.210.174': 0.23; 'received:mail-iy0-f174.google.com': 0.23; "doesn't": 0.25; 'server.': 0.25; 'url:home': 0.25; '(in': 0.26; 'message- id:@mail.gmail.com': 0.28; 'paul': 0.28; 'difficulty': 0.30; 'environment': 0.30; 'it.': 0.31; 'community': 0.32; 'execution': 0.32; 'to:addr:python-list': 0.33; "i've": 0.33; "i'll": 0.34; 'chris': 0.34; 'ideal': 0.36; 'uses': 0.36; 'running': 0.37; 'received:google.com': 0.37; 'received:209.85': 0.37; 'run': 0.38; 'but': 0.38; 'smaller': 0.38; 'subject:: ': 0.38; 'some': 0.38; 'called': 0.39; 'received:209': 0.39; 'to:addr:python.org': 0.39; 'more': 0.60; 'your': 0.60; 'our': 0.63; 'supply': 0.69; '12:02': 0.84; 'bright': 0.84; 'holes': 0.91; 'hostile': 0.91; 'subject:Security': 0.97
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type:content-transfer-encoding; bh=C5sJy+KsDmb2xWWAMA3skFEXGHjO1LBT0ou11Tn+eko=; b=ZCeHtK2TYshVqGhDic8NxFxuYn+DXFwB/WPrUfZnXtOXINYYQipWdtSAdmivPI4bTf V1mqDLvul3O1Bn10cXmh0Ro3R5PIwnbD+vVOOo0uepHH5Lg/xWbgibYB1JkIfNYkqNCB X1sQfb7aobAz0j3l6CAHtFTWZjR9as5OQYpCc=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=GWwyw+nofo3q2W3PAmtNVfcyuHPIkhAYRBbWdx3NQxcssMC2elBcqml/n1Pn5Or2wz aJ7L/up3lpIeaNFds8n9A89HDkoORoZSZ5XSCohslFaH9y7TjML9UA5/fh1jSL//SYRn 3i6YfXz/7JqjCLyGqHKEPLLzYa3DM/hMj1dCc=
MIME-Version: 1.0
In-Reply-To: <7xhb7i7hes.fsf@ruckus.brouhaha.com>
References: <mailman.258.1308703797.1164.python-list@python.org> <7xhb7i7hes.fsf@ruckus.brouhaha.com>
Date: Wed, 22 Jun 2011 12:35:14 +1000
Subject: Re: Security test of embedded Python
From: Chris Angelico <rosuav@gmail.com>
To: python-list@python.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.262.1308710118.1164.python-list@python.org>
Lines: 30
NNTP-Posting-Host: 82.94.164.166
X-Trace: 1308710118 news.xs4all.nl 49180 [::ffff:82.94.164.166]:48392
X-Complaints-To: abuse@xs4all.nl
Xref: x330-a1.tempe.blueboxinc.net comp.lang.python:8166

On Wed, Jun 22, 2011 at 12:02 PM, Paul Rubin <no.email@nospam.invalid> wrot=
e:
> Chris Angelico <rosuav@gmail.com> writes:
>> users to supply scripts which will then run on our servers...
>> The environment is Python 3.3a0 embedded in C++, running on Linux.
>
> This doesn't sound like a bright idea, given the well-known difficulty
> of sandboxing Python.

So it seems! Less than half an hour after I made the announcement
post, the box had been compromised.

> Geordi <http://weegen.home.xs4all.nl/eelis/geordi/> has some interesting
> examples (C++) you might want to try translating to Python and running
> on your server. =A0It uses ptrace to control the execution of potentially
> hostile code. =A0I don't know if any exploits have been found or whether
> it's still active.

Thanks, will look into it.

> Maybe you want to look at Lua. =A0IMHO it's not a very nice language, but
> I've heard that it's easy to embed and sandbox.

Yeah, I've used Lua before (in a game called Angband), and it's not
that great. But security's more important than ideal language syntax.

I'll also be looking into Pike. Unfortunately its community is far
smaller than Python's, so security holes may be less obvious.

Chris Angelico