| References | <CAKuJGC9tXOS9KGig9fLBp+1D-kx9wdBNe6JaHQ8OprOOf19_6w@mail.gmail.com> <87txj2m3ws.fsf@handshake.de> |
|---|---|
| From | "Lakshmipathi.G" <lakshmipathi.g@gmail.com> |
| Date | 2013-08-07 14:45 +0530 |
| Subject | Re: Reg secure python environment with web terminal emulator |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.308.1375866972.1251.python-list@python.org> (permalink) |
Hi -

Thanks for the response. Yes, we used OS features to restrict the system user accounts. We don't allow gcc - this helped us to avoid kernel exploits via C code like:

https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=42827&forum=59
https://bugzilla.redhat.com/show_bug.cgi?id=962792

We are concerned whether a user may try C exploits via Python code and break the system. What's the minimal python set-up you would suggest?

I'm thinking something like:

1- Uninstall python-devel packages
2- Remove easy_install or pip (any such install utilities)
3- Keep only very basic modules under /usr/lib/python<>/site-packages and delete the others.

Thanks.

--
----
Cheers,
Lakshmipathi.G
FOSS Programmer.
www.giis.co.in

On Wed, Aug 7, 2013 at 11:35 AM, dieter <dieter@handshake.de> wrote:
> "Lakshmipathi.G" <lakshmipathi.g@gmail.com> writes:
>
>> We have a server running a web-based terminal emulator (based on shellinabox
>> for screen-casting check www.webminal.org) that allows users to learn
>> simple bash commands. This Linux environment is secured by things like quota,
>> selinux, ulimit etc
>>
>> Now some users are requesting python access. How to ensure python is executed
>> in a restricted environment. I came across
>> http://docs.python.org/2/library/restricted.html
>> but it seems like disabled in 2.3. Any thoughts on how we can safely
>> provide python access
>> to users.
>
> When you are satisfied with the protection you have achieved
> for bash commands, those same protections might be sufficient
> for Python as well. I assume that you used operating system
> facilities to restrict what the (system) user can do on the
> operating system level: the same restriction would apply to the
> (same) user executing Python code.
>
> --
> http://mail.python.org/mailman/listinfo/python-list
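The point made in the quoted reply, that OS-level limits follow the user into Python, can be checked directly. The following is an added example, not code from either poster: it starts a fresh interpreter under lowered rlimits (what `ulimit` sets for a shell) and confirms that Python code hits the same kernel-enforced ceilings. The limit values and probe snippets are constructed for the demonstration, and a Linux host is assumed.

```python
import resource
import subprocess
import sys

# Constructed demo limits; on a real host these come from ulimit / limits.conf.
LIMITS = {
    resource.RLIMIT_NOFILE: 32,    # open file descriptors
    resource.RLIMIT_FSIZE: 4096,   # bytes any single file may grow to
}
# Constructed stand-ins for code a shell user might type into python.
PROBE_FDS = """
import os
fds = []
try:
    while True:
        fds.append(os.open(os.devnull, os.O_RDONLY))
except OSError as e:
    print("blocked", e.errno, len(fds))
"""
PROBE_FSIZE = """
import os, tempfile
fd, path = tempfile.mkstemp()
try:
    os.write(fd, b"x" * 65536)   # short write, stops at the limit
    os.write(fd, b"x")           # one byte past RLIMIT_FSIZE
    print("allowed")
except OSError as e:
    print("blocked", e.errno)
finally:
    os.close(fd); os.unlink(path)
"""

def _apply_limits():
    """Runs in the child between fork and exec, like a login shell's ulimit."""
    for res, value in LIMITS.items():
        hard = resource.getrlimit(res)[1]
        if hard != resource.RLIM_INFINITY:
            value = min(value, hard)   # an unprivileged user cannot raise a hard limit
        resource.setrlimit(res, (value, value))

def run_restricted(code):
    """Run code in a fresh interpreter under LIMITS; return its stdout fields."""
    proc = subprocess.run([sys.executable, "-I", "-B", "-c", code],
                          preexec_fn=_apply_limits, capture_output=True,
                          text=True, timeout=30)
    return proc.stdout.split()

if __name__ == "__main__":
    print(run_restricted(PROBE_FDS), run_restricted(PROBE_FSIZE))
```

Both probes are stopped by the kernel, not by anything in the Python installation, so the outcome does not depend on which modules are left under site-packages.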