Home Original page

securing a python execution environment...

Giles Brown giles_brown at hotmail.com
Mon Nov 19 09:01:28 EST 2007 
On 19 Nov, 11:16, Chris Withers <ch... at simplistix.co.uk> wrote:
> Hi All,
>
> I'm trying to build a secure execution environment for bits of python
> for two reasons:
>
> - to allow users of the system to write scripts in python without
> circumventing the application's security model
>
> - to allow the system to have an environment where security is handled
> without having to do explicit checks in every piece of example code.
>
> This second point is better demonstrated by an example:
>
> Bad:
>
>  >>> from security import check,AccessDenied
>  >>> if check(someobj,'someattr'):
>  >>>   print someattr
>  >>> else:
>  >>>   raise AccessDenied("can't access 'someattr')
> Traceback (most recent call last):
>    File "<stdin>", line ?, in ?
> AccessDenied: can't access 'someattr'
>
> Good:
>
>  >>> someobj.someattr
> Traceback (most recent call last):
>    File "<stdin>", line ?, in ?
> AccessDenied: can't access 'someattr'
>
> Now, I think I can get a lot of this from Zope 3's security proxy
> objects, however I need to find a way to limit the importing of modules
> to, for example, prevent people importing the method that unwraps the
> proxy objects ;-)
>
> Have other people bumped into this problem?
> What solutions do people recommend?
>
> cheers,
>
> Chris
>
> --
> Simplistix - Content Management, Zope & Python Consulting
>             -http://www.simplistix.co.uk

Maybe this is of interest?
http://codespeak.net/pypy/dist/pypy/doc/sandbox.html
More information about the Python-list mailing list