Return-Path: <fabiosantosart@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.011
X-Spam-Evidence: '*H*': 0.98; '*S*': 0.00; 'root': 0.05; 'sufficient': 0.05; 'tree': 0.05; 'subject:Python': 0.06; 'modified': 0.07; 'imported': 0.09; 'statements': 0.09; 'wrapper': 0.09; 'cc:addr :python-list': 0.11; 'python': 0.11; 'changes': 0.15; 'access)': 0.16; 'ast': 0.16; 'builtins': 0.16; 'builtins.': 0.16; 'tool.': 0.16; 'language': 0.16; 'wrote:': 0.18; 'module': 0.19; 'normally': 0.19; 'seems': 0.21; 'memory': 0.22; 'import': 0.22; 'email addr:gmail.com&gt;': 0.22; 'cc:addr:python.org': 0.22; 'cc:2**1': 0.23; 'environment': 0.24; 'cc:no real name:2**0': 0.24; "i've": 0.25; 'source': 0.25; 'script': 0.25; '&gt;': 0.26; 'designated': 0.26; 'header:In-Reply-To:1': 0.27; 'tried': 0.27; 'external': 0.29; 'unix': 0.29; 'message-id:@mail.gmail.com': 0.30; "i'm": 0.30; 'hacker': 0.31; 'sep': 0.31; 'subject:programs': 0.31; 'run': 0.32; 'quite': 0.32; 'running': 0.33; 'guess': 0.33; 'could': 0.34; 'test': 0.35; 'but': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'should': 0.36; 'wrong': 0.37; 'operating': 0.37; 'list': 0.37; 'skip:& 10': 0.38; 'files': 0.38; 'heard': 0.39; 'use.': 0.39; 'sure': 0.39; 'mailing': 0.39; 'called': 0.40; 'subject:online': 0.61; 'course': 0.61; 'times': 0.62; 'name': 0.63; 'term': 0.63; 'such': 0.63; 'refer': 0.63; 'to:addr:gmail.com': 0.65; 'user,': 0.69; 'safe': 0.72; 'therefore': 0.72; 'interest.': 0.81; 'failures.': 0.84; 'start.': 0.84; 'whitelist': 0.84; 'apparent': 0.91; 'spectacular': 0.91; 'children.': 0.93; '2013': 0.98
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=SR58GI6KGQXchM9+kutqdzpWGesbJS0VGXbpqCREp8M=; b=uTXpYyt1KAvFOIT/pNzP2mQ2hWPxLQS7R/isqw1KrauP25iReyg3V94IBgjHbqi/EF fYT1PEO/7W2I9+aVsCV9qlpGQ7KOtxC8DXunKhGLP/5vkq6luvLrGXaanKMR1cPUAzEr zkgJB+FzMmHD4clSMgDesBz9NhcTYktbpKV7EU0hAl4OqtppNsz/14773/jkFBemsx9z uslsZ6Hf7/+p8BB/Sxeg/lIHx0N0eKZEdPbLL1RPUP0BsoYD3jMBiOuyJal0U4r7ETea iO8kPuAUNDpbPs3ZTmYH41Pln1PIGUP8QIDgm1eTT/7e6KuS6ovDSupaVRTVSCBdSo73 drNQ==
MIME-Version: 1.0
X-Received: by 10.49.24.178 with SMTP id v18mr29274942qef.12.1379939587980; Mon, 23 Sep 2013 05:33:07 -0700 (PDT)
In-Reply-To: <CAOuJsMm4kVL8_1LELgAB+sTxx+yVV8YQ4QV1aoHUp8y64+MEAQ@mail.gmail.com>
References: <CAOuJsM=vWQifowsgVK+upBGA3BdqWbETstqXi9127gcU9coOhg@mail.gmail.com> <l1i97a$qle$1@ger.gmane.org> <CAOuJsMm4kVL8_1LELgAB+sTxx+yVV8YQ4QV1aoHUp8y64+MEAQ@mail.gmail.com>
Date: Mon, 23 Sep 2013 12:33:07 +0000
Subject: Re: building an online judge to evaluate Python programs
From: =?ISO-8859-1?Q?F=E1bio_Santos?= <fabiosantosart@gmail.com>
To: Jabba Laci <jabba.laci@gmail.com>
Content-Type: multipart/alternative; boundary=047d7b5d4e5cf404bf04e70c38b4
Cc: python-list@python.org, Dave Angel <davea@davea.name>
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.263.1379939591.18130.python-list@python.org>
Lines: 94
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1379939591 news.xs4all.nl 15961 [2001:888:2000:d::a6]:39679
X-Complaints-To: abuse@xs4all.nl
Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!eu.feeder.erje.net!porbandar.httrack.net!news.httrack.net!feed.ac-versailles.fr!nerim.net!novso.com!newsfeed.xs4all.nl!newsfeed1.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Xref: csiph.com comp.lang.python:54629

--047d7b5d4e5cf404bf04e70c38b4
Content-Type: text/plain; charset=ISO-8859-1

On 20 Sep 2013 21:14, "Jabba Laci" <jabba.laci@gmail.com> wrote:
>
> > That last seems to me to be the biggie.  Several times in the past few
> > years, people in this mailing list have tried to build a safe sandbox.
> > And each one was a big failure, for a hacker of sufficient interest.
> > Some of them were spectacular failures.
> >
> > If you have to be safe from your user, Python may be the wrong language
> > to give them.
>
> Well, the course is about Python and I want to test Python scripts...
>
> I've heard about "chroot jail" but I never used it. Wikipedia says:
>
> "A chroot on Unix operating systems is an operation that changes the
> apparent root directory for the current running process and its
> children. A program that is run in such a modified environment cannot
> name (and therefore normally not access) files outside the designated
> directory tree. The term "chroot" may refer to the chroot(2) system
> call or the chroot(8) wrapper program. The modified environment is
> called a "chroot jail"."
>
> I guess it could be used for sandboxing.
>
> Laszlo

It may be a good start to whitelist the modules and builtins they are
allowed to use.

The ast module could be used to scan the source tree for import statements
and run the imported modules through the whitelist.

There should also be many ways to run a script with stripped-down builtins.

Then you can control execution time and memory usage using an external tool.

I'm quite sure this isn't all you need, but it can be a good place to start.

--047d7b5d4e5cf404bf04e70c38b4
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<p dir=3D"ltr"><br>
On 20 Sep 2013 21:14, &quot;Jabba Laci&quot; &lt;<a href=3D"mailto:jabba.la=
ci@gmail.com">jabba.laci@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt; &gt; That last seems to me to be the biggie. =A0Several times in the p=
ast few<br>
&gt; &gt; years, people in this mailing list have tried to build a safe san=
dbox.<br>
&gt; &gt; And each one was a big failure, for a hacker of sufficient intere=
st.<br>
&gt; &gt; Some of them were spectacular failures.<br>
&gt; &gt;<br>
&gt; &gt; If you have to be safe from your user, Python may be the wrong la=
nguage<br>
&gt; &gt; to give them.<br>
&gt;<br>
&gt; Well, the course is about Python and I want to test Python scripts...<=
br>
&gt;<br>
&gt; I&#39;ve heard about &quot;chroot jail&quot; but I never used it. Wiki=
pedia says:<br>
&gt;<br>
&gt; &quot;A chroot on Unix operating systems is an operation that changes =
the<br>
&gt; apparent root directory for the current running process and its<br>
&gt; children. A program that is run in such a modified environment cannot<=
br>
&gt; name (and therefore normally not access) files outside the designated<=
br>
&gt; directory tree. The term &quot;chroot&quot; may refer to the chroot(2)=
 system<br>
&gt; call or the chroot(8) wrapper program. The modified environment is<br>
&gt; called a &quot;chroot jail&quot;.&quot;<br>
&gt;<br>
&gt; I guess it could be used for sandboxing.<br>
&gt;<br>
&gt; Laszlo</p>
<p dir=3D"ltr">It may be a good start to whitelist the modules and builtins=
 they are allowed to use.</p>
<p dir=3D"ltr">The ast module could be used to scan the source tree for imp=
ort statements and run the imported modules through the whitelist.</p>
<p dir=3D"ltr">There should also be many ways to run a script with stripped=
-down builtins.</p>
<p dir=3D"ltr">Then you can control execution time and memory usage using a=
n external tool.</p>
<p dir=3D"ltr">I&#39;m quite sure this isn&#39;t all you need, but it can b=
e a good place to start.</p>

--047d7b5d4e5cf404bf04e70c38b4--