Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.lang.python > #15972
| Path | csiph.com!x330-a1.tempe.blueboxinc.net!newsfeed.hal-mli.net!feeder3.hal-mli.net!newsfeed.hal-mli.net!feeder1.hal-mli.net!de-l.enfer-du-nord.net!feeder2.enfer-du-nord.net!feeds.phibee-telecom.net!newsfeed.xs4all.nl!newsfeed6.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <python-python-list@m.gmane.org> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.000 |
| X-Spam-Evidence | '*H*': 1.00; '*S*': 0.00; 'string.': 0.04; 'defines': 0.07; 'exec': 0.07; 'happily': 0.07; 'python': 0.08; '-rf': 0.09; 'received:80.91': 0.09; 'received:80.91.229': 0.09; 'received:80.91.229.12': 0.09; 'received:gmane.org': 0.09; 'received:list': 0.09; 'received:lo.gmane.org': 0.09; 'url:activestate': 0.09; '"exec"': 0.16; 'code?': 0.16; 'subject:Questions': 0.18; 'header:In-Reply-To:1': 0.22; 'runs': 0.23; 'writes:': 0.25; 'code': 0.25; 'code,': 0.27; 'url:code': 0.28; 'server': 0.30; 'url:library': 0.31; 'andrew': 0.32; 'header :User-Agent:1': 0.33; 'header:X-Complaints-To:1': 0.33; 'to:addr :python-list': 0.34; 'statement,': 0.34; 'url:python': 0.36; 'received:org': 0.38; 'client': 0.39; 'url:docs': 0.39; 'received:de': 0.39; 'url:org': 0.39; 'subject: (': 0.40; "it's": 0.40; 'to:addr:python.org': 0.40; 'accepts': 0.64; 'doing.': 0.73; 'malicious': 0.84 |
| X-Injected-Via-Gmane | http://gmane.org/ |
| To | python-list@python.org |
| From | Christian Heimes <lists@cheimes.de> |
| Subject | Re: Server Questions (2 of them) |
| Date | Mon, 21 Nov 2011 01:27:59 +0100 |
| References | <4c5cedc5-65e4-4bca-a7fe-7afffde79c88@s6g2000vbc.googlegroups.com> <8762iesc3q.fsf@xemacs.org> |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=ISO-8859-1 |
| Content-Transfer-Encoding | 7bit |
| X-Gmane-NNTP-Posting-Host | f048135134.adsl.alicedsl.de |
| User-Agent | Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20110929 Thunderbird/7.0.1 |
| In-Reply-To | <8762iesc3q.fsf@xemacs.org> |
| X-Enigmail-Version | 1.4a1pre |
| OpenPGP | id=AD16AB1B; url=http://cheimes.de/heimes.asc |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.12 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.2881.1321835300.27778.python-list@python.org> (permalink) |
| Lines | 19 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1321835300 news.xs4all.nl 6968 [2001:888:2000:d::a6]:40350 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | x330-a1.tempe.blueboxinc.net comp.lang.python:15972 |
Show key headers only | View raw
Am 20.11.2011 22:44, schrieb Hrvoje Niksic:
> Andrew <andrew.chapkowski@gmail.com> writes:
>
>> How to do you create a server that accepts a set of user code?
> [...]
>
> Look up the "exec" statement, the server can use it to execute any code
> received from the client as a string.
>
> Note "any code", though; exec runs in no sandbox and if a malicious
> client defines addition(1, 2) to execute os.system('sudo rm -rf /'), the
> server will happily do just that.
It's possible to sandbox Python code, see
http://docs.python.org/library/rexec.html,
http://code.activestate.com/recipes/496746-restricted-safe-eval/ or TTW
code (through the web) in Zope. However the sandboxing is limited and
you really need to know what you are doing.
Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Server Questions (2 of them) Andrew <andrew.chapkowski@gmail.com> - 2011-11-20 12:02 -0800
Re: Server Questions (2 of them) Chris Angelico <rosuav@gmail.com> - 2011-11-21 08:34 +1100
Re: Server Questions (2 of them) Hrvoje Niksic <hniksic@xemacs.org> - 2011-11-20 22:44 +0100
Re: Server Questions (2 of them) Christian Heimes <lists@cheimes.de> - 2011-11-21 01:27 +0100
Re: Server Questions (2 of them) alex23 <wuwei23@gmail.com> - 2011-11-20 20:26 -0800
Re: Server Questions (2 of them) Nizamov Shawkat <nizamov.shawkat@gmail.com> - 2011-11-21 07:28 +0100
csiph-web