Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #31648

Re: use of exec()

Show all headers | View raw

On Thursday, October 18, 2012 4:29:45 PM UTC+2, Chris Angelico wrote:
> On Fri, Oct 19, 2012 at 1:07 AM, lars van gemerden <lars@rational-it.com> wrote:
> 
> > Thanks, Chris,
> 
> >
> 
> > That works like a charm (after replacig "return ns.function" with "return ns['function']" ;-) ).
> 
> 
> 
> Err, yes, I forget sometimes that Python doesn't do that. JavaScript
> 
> and Pike both let you (though Pike uses -> instead of . for that
> 
> operator). Yes, Python has real methods on dictionary objects :)
> 
> 
> 
> > About the security, i noticed you can still import and use modules within the exec'ed code. Is there a way to prevent this or otherwise make this approach more secure.
> 
> 
> 
> Basically no, there's no real way to make it secure. Without
> 
> eliminating exec/eval, destroying insecurity is the hopeless work of a
> 
> wasted life, as the oracle said to Alice.
> 
> 
> 
> > I should say that the users that will be able to make custom functions, are not end-users, but authenticated designers, however i would like to close a backdoor to the whole framework.
> 
> 
> 
> You have to decide one thing: Will you permit them to execute
> 
> untrusted code on your system? If so, go ahead (and just warn them
> 
> that things like import shouldn't be done, as they can cause other
> 
> messes). I run a server that I build with the help of another guy (I
> 
> do the code, he does the bulk of the content - descriptions and
> 
> stuff), and I'm happy to trust him to not be malicious, so the purpose
> 
> of "embedded code in loci" is to make it easier to write tiny bits of
> 
> code, without any security requirement. But if you need security,
> 
> don't use eval. AT ALL.
> 
> 
> 
> There may be a brand new service coming along, though. The ast module
> 
> I think is getting a new evaluator that allows a little more
> 
> functionality than literal_eval, while still not permitting most
> 
> things. But you then have the question of performance, since you
> 
> effectively interpret the code at a high level.
> 
> 
> 
> ChrisA

I get your point, since in this case having the custom code option makes the system a whole lot less complex and flexible, i will leave the option in. The future customer will be informed that they should handle the security around the designers as if they were programmers. Aditionally i will probably add some screening for unwanted keywords (like 'import') and securely log any new/changed custom code including the designer account (must do that for other actions anyway).

Thanks again, Lars

Back to comp.lang.python | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread

Thread

use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 04:41 -0700
  Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-18 22:49 +1100
    Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 07:07 -0700
      Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-19 01:29 +1100
        Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 08:00 -0700
          Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-19 02:16 +1100
            Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-19 16:43 -0700
              Re: use of exec() Chris Angelico <rosuav@gmail.com> - 2012-10-20 13:00 +1100
                Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-20 03:41 -0700
                Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-20 03:41 -0700
            Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-19 16:43 -0700
        Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 08:00 -0700
    Re: use of exec() lars van gemerden <lars@rational-it.com> - 2012-10-18 07:07 -0700

csiph-web