Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #52124 > unrolled thread

Re: Reg secure python environment with web terminal emulator

Started by"Lakshmipathi.G" <lakshmipathi.g@gmail.com>
First post2013-08-07 14:45 +0530
Last post2013-08-07 14:45 +0530
Articles 1 — 1 participant

Back to article view | Back to comp.lang.python

This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by below is the oldest one visible, not the original post.

Contents

  Re: Reg secure python environment with web terminal emulator "Lakshmipathi.G" <lakshmipathi.g@gmail.com> - 2013-08-07 14:45 +0530

#52124 — Re: Reg secure python environment with web terminal emulator

From"Lakshmipathi.G" <lakshmipathi.g@gmail.com>
Date2013-08-07 14:45 +0530
SubjectRe: Reg secure python environment with web terminal emulator
Message-ID<mailman.308.1375866972.1251.python-list@python.org>
Hi -

Thanks for the response. Yes, we used OS features to
restrict the system user accounts.

We don't allow gcc - this helped us to avoid  kernel exploits via C code like :
https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=42827&forum=59
https://bugzilla.redhat.com/show_bug.cgi?id=962792

We are concerned whether user may try C exploits via Python code and break the
system. What's the minimal python set-up you would suggest? I'm
thinking something like:

1- Uninstall python-devel packages
2- Remove easy_install or pip (any such install utilities)
3- Keep only very basic modules under /usr/lib/python<>/site-packages
and delete the others.

Thanks.


-- 
----
Cheers,
Lakshmipathi.G
FOSS Programmer.
www.giis.co.in






On Wed, Aug 7, 2013 at 11:35 AM, dieter <dieter@handshake.de> wrote:
> "Lakshmipathi.G" <lakshmipathi.g@gmail.com> writes:
>
>> We have a server running a web-based terminal emulator (based on shellinabox
>> for screen-casting  check www.webminal.org) that allows users to learn
>> simple bash commands. This Linux environment secured by things like quota,
>> selinux,ulimit  etc
>>
>> Now some users are requesting python access. How to ensure python is executed
>> in a restricted environment. I came across
>> http://docs.python.org/2/library/restricted.html
>> but it seems like disabled in 2.3. Any thoughts on how we can safely
>> provide python access
>> to users.
>
> When you are satisfied with the protection you have achieved
> for bash commands, those same protection might be sufficient
> for Python as well. I assume that you used operating system
> facilities to restrict what the (system) user can do on the
> operating system level: the same restriction would apply to the
> (same) user executing Python code.
>
> --
> http://mail.python.org/mailman/listinfo/python-list

[toc] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web