Executing untrusted scripts in a sandboxed environment
Ramchandra Apte
maniandram01 at gmail.com
Sat Oct 6 05:10:20 EDT 2012
On Saturday, 6 October 2012 12:49:29 UTC+5:30, Chris Angelico wrote:
> On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl <me at robin-krahl.de> wrote:
> > Hi all,
> >
> > I need to execute untrusted scripts in my Python application. To avoid
> > security issues, I want to use a sandboxed environment. This means that
> > the script authors have no access to the file system. They may only
> > access objects, modules and classes that are "flagged" or "approved"
> > for scripting.
> >
> > I read that I will not be able to do this with Python scripts. (See
> > SandboxedPython page in the Python wiki [0] and several SE.com
> > questions, e.g. [1].) So my question is: What is the best way to
> > "embed" a script engine in a sandboxed environment that has access to
> > the Python modules and classes that I provide?
>
> With extreme difficulty. A while back (couple years maybe? I don't
> remember), I ignored everyone's warnings and tried to make a sandboxed
> Python, embedded in a C++ application. It failed in sandboxing. With
> just some trivial tinkering using Python's introspection facilities, a
> couple of python-list people managed to read and write files, and
> other equally dangerous actions. Shortly thereafter, we solved the
> problem completely... by switching to JavaScript.
>
> Embedding CPython in an application simply doesn't afford sandboxing.
> To what extent do you actually need to run untrusted Python? Can you,
> for instance, sandbox the entire process (which wasn't an option for
> what we were doing)? Perhaps chrooting the Python interpreter will do
> what you need. But there may still be leaks, I don't know.
>
> ChrisA

Something like ast.literal_eval may be useful.
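
An added example, not part of the original message: what the `ast.literal_eval` suggestion covers when the untrusted input is data rather than a script. It accepts only literals and rejects names, calls and attribute access without executing them, so it cannot run scripts at all. The function names, the sample strings and the `MAX_LEN` cap are assumptions made for illustration.

```python
import ast

# Assumed cap: very large or deeply nested input can exhaust the parser's stack.
MAX_LEN = 10_000


def parse_untrusted_literal(text, max_len=MAX_LEN):
    """Return the Python literal encoded in `text`, or raise ValueError.

    Accepted: strings, bytes, numbers, tuples, lists, dicts, sets,
    booleans and None. Anything else is rejected, never executed.
    """
    if len(text) > max_len:
        raise ValueError("input too long")
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError, TypeError,
            MemoryError, RecursionError) as exc:
        # Collapse every parser failure into one error type for the caller.
        raise ValueError(f"not a plain literal: {type(exc).__name__}") from exc


def classify(samples):
    """Map each sample string to True (accepted) or False (rejected)."""
    results = {}
    for sample in samples:
        try:
            parse_untrusted_literal(sample)
            results[sample] = True
        except ValueError:
            results[sample] = False
    return results


# Constructed sample inputs.
SAMPLES = [
    "{'retries': 3, 'hosts': ['a', 'b'], 'debug': False}",  # plain data
    "[1, 2.5, -3, (4, None)]",                              # nested literals
    "open('notes.txt').read()",                             # function call
    "__import__('os')",                                     # function call
    "().__class__",                                         # attribute access
    "retries",                                              # bare name
    "2 ** 8",                                               # operator
    "{[1]: 2}",                                             # unhashable key
]

if __name__ == "__main__":
    for sample, accepted in classify(SAMPLES).items():
        print(("accept" if accepted else "reject"), sample)
```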