Path: csiph.com!usenet.pasdenom.info!news.etla.org!news.stack.nl!newsfeed.xs4all.nl!newsfeed3.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <lakshmipathi.g@gmail.com>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.027
X-Spam-Evidence: '*H*': 0.95; '*S*': 0.00; 'binary': 0.07; 'executable': 0.09; 'foss': 0.09; 'wrong,': 0.09; 'cc:addr:python- list': 0.11; 'invokes': 0.16; 'limit.': 0.16; 'spawn': 0.16; 'subject:python': 0.16; 'cc:addr:python.org': 0.22; 'creating': 0.23; 'cheers,': 0.24; 'cc:2**0': 0.24; 'cc:no real name:2**0': 0.24; 'header:In-Reply-To:1': 0.27; '----': 0.29; 'message- id:@mail.gmail.com': 0.30; "i'm": 0.30; 'file': 0.32; 'raw': 0.33; 'could': 0.34; 'subject:with': 0.35; 'info': 0.35; 'problem.': 0.35; 'received:google.com': 0.35; 'thanks': 0.36; 'possible': 0.36; 'process,': 0.38; 'anything': 0.39; 'more': 0.64; 'due': 0.66; 'response.': 0.68; 'safe': 0.72; 'execution.': 0.84; 'quota': 0.93
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=cZni0d/UzDxW/flEFth724mozizecGfpbNRIYEH31XE=; b=CACLjavOX3fms63cyE7OH3jb6PsOThUVwHLHrkjMY2Ovs0vu1rS6MIOjINDzLXeYUu j3VE61hWEQ+DNv29XA/VBX8cbw/ooxbULXtnxZWHJpUBbHK3pWwWVh708WlbGldvSZwY 2GESzDL4v3ZKGOZgA3j7DR4nUrnpuZSbpuRjkDD8gZNvEbs50ifJkSux9s7vUKFSJHOW OXsgTsMv4HwMbA2v7IpvtMEv3jnc304EpTgSzoWdvobeJKn3Su6pSigErbM0GiJi1gG5 GhFi25yzdEokQuErndsKD65HkOAgCURbRKDJasbq+9JnIBGnjRYnmZ7jdopceylPDBJJ 3z/g==
X-Received: by 10.180.183.43 with SMTP id ej11mr4055507wic.9.1375935301994; Wed, 07 Aug 2013 21:15:01 -0700 (PDT)
MIME-Version: 1.0
In-Reply-To: <m0j50993ocs94klmj4gu76kujhupln4rvi@4ax.com>
References: <CAKuJGC9tXOS9KGig9fLBp+1D-kx9wdBNe6JaHQ8OprOOf19_6w@mail.gmail.com> <87txj2m3ws.fsf@handshake.de> <CAKuJGC-FCJeFzKb1xeRXBdoqW3MbFMGk+0KUBzWZYoorhq6umQ@mail.gmail.com> <m0j50993ocs94klmj4gu76kujhupln4rvi@4ax.com>
From: "Lakshmipathi.G" <lakshmipathi.g@gmail.com>
Date: Thu, 8 Aug 2013 09:44:41 +0530
Subject: Re: Reg secure python environment with web terminal emulator
To: Dennis Lee Bieber <wlfraed@ix.netcom.com>
Content-Type: text/plain; charset=ISO-8859-1
Cc: python-list@python.org
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <http://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <http://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.336.1375935309.1251.python-list@python.org>
Lines: 23
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1375935309 news.xs4all.nl 15974 [2001:888:2000:d::a6]:51708
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:52165

>         If you permit file I/O and anything that can spawn a process, it is
> possible to create a raw binary executable and trigger its execution.
> --

Yes,we permit file i/o with quota limits and spawning a process is
allowed upto a limit.
If I'm not wrong, we will be safe if user invokes  subprocess  or
os.system('sudo') calls
due to system constraints.

Could you please share more info about creating raw binary executable
and its potential
problem.

Thanks for your response.


-- 
----
Cheers,
Lakshmipathi.G
FOSS Programmer.
www.giis.co.in