| Path | csiph.com!usenet.pasdenom.info!weretis.net!feeder1.news.weretis.net!feeder.erje.net!eu.feeder.erje.net!xlned.com!feeder1.xlned.com!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail |
|---|---|
| Return-Path | <lakshmipathi.g@gmail.com> |
| X-Original-To | python-list@python.org |
| Delivered-To | python-list@mail.python.org |
| X-Spam-Status | OK 0.017 |
| X-Received | by 10.180.189.37 with SMTP id gf5mr1588736wic.9.1375866965150; Wed, 07 Aug 2013 02:16:05 -0700 (PDT) |
| MIME-Version | 1.0 |
| In-Reply-To | <87txj2m3ws.fsf@handshake.de> |
| References | <CAKuJGC9tXOS9KGig9fLBp+1D-kx9wdBNe6JaHQ8OprOOf19_6w@mail.gmail.com> <87txj2m3ws.fsf@handshake.de> |
| From | "Lakshmipathi.G" <lakshmipathi.g@gmail.com> |
| Date | Wed, 7 Aug 2013 14:45:44 +0530 |
| Subject | Re: Reg secure python environment with web terminal emulator |
| To | dieter <dieter@handshake.de> |
| Content-Type | text/plain; charset=ISO-8859-1 |
| Cc | python-list@python.org |
| X-BeenThere | python-list@python.org |
| X-Mailman-Version | 2.1.15 |
| Precedence | list |
| List-Id | General discussion list for the Python programming language <python-list.python.org> |
| List-Unsubscribe | <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe> |
| List-Archive | <http://mail.python.org/pipermail/python-list/> |
| List-Post | <mailto:python-list@python.org> |
| List-Help | <mailto:python-list-request@python.org?subject=help> |
| List-Subscribe | <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.308.1375866972.1251.python-list@python.org> (permalink) |
| Lines | 57 |
| NNTP-Posting-Host | 2001:888:2000:d::a6 |
| X-Trace | 1375866972 news.xs4all.nl 15877 [2001:888:2000:d::a6]:36157 |
| X-Complaints-To | abuse@xs4all.nl |
| Xref | csiph.com comp.lang.python:52124 |
Hi -

Thanks for the response. Yes, we used OS features to restrict the system user accounts. We don't allow gcc - this helped us to avoid kernel exploits via C code like:

https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=42827&forum=59
https://bugzilla.redhat.com/show_bug.cgi?id=962792

We are concerned whether a user may try C exploits via Python code and break the system. What's the minimal python set-up you would suggest?

I'm thinking something like:

1- Uninstall python-devel packages
2- Remove easy_install or pip (any such install utilities)
3- Keep only very basic modules under /usr/lib/python<>/site-packages and delete the others.

Thanks.

--
----
Cheers,
Lakshmipathi.G
FOSS Programmer.
www.giis.co.in

On Wed, Aug 7, 2013 at 11:35 AM, dieter <dieter@handshake.de> wrote:
> "Lakshmipathi.G" <lakshmipathi.g@gmail.com> writes:
>
>> We have a server running a web-based terminal emulator (based on shellinabox
>> for screen-casting check www.webminal.org) that allows users to learn
>> simple bash commands. This Linux environment is secured by things like quota,
>> selinux, ulimit etc.
>>
>> Now some users are requesting python access. How to ensure python is executed
>> in a restricted environment. I came across
>> http://docs.python.org/2/library/restricted.html
>> but it seems like disabled in 2.3. Any thoughts on how we can safely
>> provide python access
>> to users.
>
> When you are satisfied with the protection you have achieved
> for bash commands, those same protections might be sufficient
> for Python as well. I assume that you used operating system
> facilities to restrict what the (system) user can do on the
> operating system level: the same restriction would apply to the
> (same) user executing Python code.
>
> --
> http://mail.python.org/mailman/listinfo/python-list
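An audit along the lines discussed in this thread, as an added example that is not part of the original messages: run as the restricted user, it reports which standard-library modules able to load native code or spawn processes are still importable (they ship with the interpreter, not under site-packages) and which ulimit-style limits are unset. The module list, limit labels and function names are assumptions of this example, and it targets Python 3 rather than the Python 2 of the thread.

```python
import importlib.util
import resource

# Standard-library modules that can load native code or spawn processes.
# They ship with the interpreter, not under site-packages (list is this
# example's choice, not exhaustive).
NATIVE_CAPABLE = ("ctypes", "_ctypes", "mmap", "subprocess", "multiprocessing")

# ulimit-style limits relevant to a shared shell host (labels chosen here).
LIMITS = {
    "max processes (ulimit -u)": resource.RLIMIT_NPROC,
    "address space (ulimit -v)": resource.RLIMIT_AS,
    "cpu seconds (ulimit -t)": resource.RLIMIT_CPU,
    "file size (ulimit -f)": resource.RLIMIT_FSIZE,
    "open files (ulimit -n)": resource.RLIMIT_NOFILE,
}


def importable(names=NATIVE_CAPABLE):
    """Return the names this interpreter can still locate for import."""
    found = []
    for name in names:
        try:
            if importlib.util.find_spec(name) is not None:
                found.append(name)
        except (ImportError, ValueError):
            pass  # broken or half-removed module: treat as not importable
    return found


def unlimited(limits=LIMITS, getter=resource.getrlimit):
    """Return labels whose soft limit is unlimited for the current user."""
    return [label for label, res in limits.items()
            if getter(res)[0] == resource.RLIM_INFINITY]


def audit():
    """Collect both findings; empty lists mean nothing to report."""
    return {"native_capable_modules": importable(), "unlimited": unlimited()}


if __name__ == "__main__":
    report = audit()
    for module in report["native_capable_modules"]:
        print("importable without site-packages:", module)
    for label in report["unlimited"]:
        print("no soft limit set:", label)
```

Any module it lists is reachable regardless of the package removals, so the limits in the second list and the SELinux policy are what actually bound the user.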
Re: Reg secure python environment with web terminal emulator "Lakshmipathi.G" <lakshmipathi.g@gmail.com> - 2013-08-07 14:45 +0530