Bastion/rexec use cases?

[Paul Miller]

Bastion and rexec have been deprecated since Python 2.2, so it seems
we (the Python community) have gotten along well enough without them.
Have these modules not been reimplemented because:

a) There are no valid use cases for them.
b) Doing so would be difficult and prone to breakage as new features
are introduced into the language.
c) Nobody has any idea how to do it.
d) Nobody cares.
e) Guido thinks it's a bad idea.

or, some combination of these?

 

[Steve Holden]

Bastion and rexec have been deprecated since Python 2.2, so it seems
we (the Python community) have gotten along well enough without them.
Have these modules not been reimplemented because:

a) There are no valid use cases for them.
b) Doing so would be difficult and prone to breakage as new features
are introduced into the language.
c) Nobody has any idea how to do it.
d) Nobody cares.
e) Guido thinks it's a bad idea.

or, some combination of these?

All of the above except c) and d), I think.

You might like to Google for something like

Brett Cannon secure Python

to get up to speed on some work that may eventually result in Python
acquiring a more security-minded framework. Bastion and rexec were so
full of holes you could drive a London double-decker bus through them,
so their deprecation and eventual exclusion was felt to be safer than
leaving them in to be mistaken for secure code.

regards
Steve
--
Steve Holden +1 571 484 6266 +1 800 494 3119
Holden Web LLC/Ltd http://www.holdenweb.com
Skype: holdenweb http://del.icio.us/steve.holden
------------------ Asciimercial ---------------------
Get on the web: Blog, lens and tag your way to fame!!
holdenweb.blogspot.com squidoo.com/pythonology
tagged items: del.icio.us/steve.holden/python
All these services currently offer free registration!
-------------- Thank You for Reading ----------------

 

[Duncan Booth]

Bastion and rexec have been deprecated since Python 2.2, so it seems
we (the Python community) have gotten along well enough without them.
Have these modules not been reimplemented because:

a) There are no valid use cases for them.
b) Doing so would be difficult and prone to breakage as new features
are introduced into the language.
c) Nobody has any idea how to do it.
d) Nobody cares.
e) Guido thinks it's a bad idea.

or, some combination of these?

I think it is mostly 'b' plus partly nobody cares sufficiently to put the
time, money and effort behind it.

The recent release of Silverlight means that there is now a way to run
Python in a secure sandbox. At present it is only available for Windows and
Mac, but hopefully the Mono community will be able to overcome that
deficiency (also of course you don't get all of the standard Python
libraries): see http://www.mono-project.com/Moonlight for the current state
of the Mono based Silverlight implementation.

 

[Paul Boddie]

I think it is mostly 'b' plus partly nobody cares sufficiently to put the
time, money and effort behind it.

I'd agree with this, adding that (c) is increasingly starting to apply
to CPython as new features make any potential sandboxing strategy less
coherent. Brett Cannon appears to be tackling this situation head-on,
however.

The recent release of Silverlight means that there is now a way to run
Python in a secure sandbox.

Also possible with Jython for a long time, I believe. Meanwhile,
others (including non-Python developers) have turned to other kinds of
solutions including virtualisation at different levels. See this page
for more discussion:

http://wiki.python.org/moin/SandboxedPython

I've experimented somewhat with a chroot-based solution, although I'm
reluctant to make it available because of an uncertainty as to whether
it really offers proper "jailing" of the executed code, along with
concerns that people may consider it secure without doing their own
homework on the matter. Ideally, I'd want to trim the Python
interpreter right down to the very basic virtual machine (without I/O)
and then build the different extensions back on in a security-oriented
framework, but I guess this is what Mr Cannon has in mind.

Paul