codecs in a chroot / without fs access

Date 2012-01-10 01:41 +0100
From Philipp Hagemeister <phihag@phihag.de>
Subject codecs in a chroot / without fs access
Newsgroups comp.lang.python
Message-ID <mailman.4565.1326157245.27778.python-list@python.org>

I want to forbid my application to access the filesystem. The easiest
way seems to be chrooting and dropping privileges. However, surprisingly,
python loads the codecs from the filesystem on-demand, which makes my
program crash:

>>> import os
>>> os.getuid()
0
>>> os.chroot('/tmp')
>>> ''.decode('raw-unicode-escape')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>

(Interestingly, Python goes looking for the literal file "<stdin>" in
sys.path. Wonder what happens if I touch
/usr/lib/python2.7/dist-packages/<stdin>).

Is there a neat way to solve this problem, i.e. have access to all
codecs in a chroot?


If not, I'd love to have a function codecs.preload_all() that does what
my workaround does:

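import codecs
import glob
import os.path

# Codec names are the module file names in the encodings package.
encs = [os.path.splitext(os.path.basename(f))[0]
        for f in glob.glob('/usr/lib/python*/encodings/*.py')]
for e in encs:
    try:
        codecs.lookup(e)  # imports and caches the codec module
    except LookupError:
        pass  # __init__.py or something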


enumerate /usr/lib/python.*/encodings/*.py and call codecs.lookup for
every os.path.splitext(os.path.basename(filename))[0]

Do you see any problem with this design?


- Philipp
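
Added example, not part of the original post: a Python 3 version of the preload idea that finds codec modules through encodings.__path__ instead of a hard-coded /usr/lib glob, followed by the chroot and privilege drop in a safe order. The names preload_codecs and enter_sandbox are hypothetical, and the post itself targets Python 2.7.

```python
import codecs
import encodings
import os
import pkgutil


def preload_codecs():
    """Import every codec module shipped in the encodings package.

    Returns a dict mapping module name -> CodecInfo for each codec that
    loaded. Modules are located through encodings.__path__, so no
    interpreter install path is hard-coded.
    """
    loaded = {}
    for mod in pkgutil.iter_modules(encodings.__path__):
        try:
            loaded[mod.name] = codecs.lookup(mod.name)
        except LookupError:
            # Not a codec (aliases) or not available on this platform (mbcs).
            continue
    return loaded


def enter_sandbox(root, uid, gid):
    """Hypothetical helper: preload codecs, then chroot and drop root.

    Must be called as root. Everything that needs the real filesystem
    happens before chroot; groups and gid are changed before setuid,
    while the process still has the privilege to change them.
    """
    loaded = preload_codecs()
    os.chroot(root)
    os.chdir("/")        # do not keep a working directory outside the new root
    os.setgroups([])     # drop supplementary groups inherited from root
    os.setgid(gid)
    os.setuid(uid)       # last step: the process cannot regain root afterwards
    return loaded


if __name__ == "__main__":
    codecs_loaded = preload_codecs()
    print(len(codecs_loaded), "codec modules imported before sandboxing")
```

After preload_codecs() the codec modules sit in sys.modules, so a later decode by any spelling of the name (for example 'raw-unicode-escape') resolves without touching the filesystem.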
