Newbie query about secure embedded python

Discussion in 'Python' started by Richard Dwan, Jan 2, 2007.

  1. Richard Dwan

    Richard Dwan Guest

    (Originally incorrectly posted to C++ SIG mailing
    list)

    Hello,

    First let me apologise if this question is obvious -
    I've never embedded python before and I am deciding if
    it meets my needs.

    My question is: is there a secure python interpreter
    that prevents malicious code from using C/C++ modules
    or built-in functions to cause damage to a user's
    system?

    My objective is to have an embedded interpreted
    language to drive all non CPU intensive application
    behaviour with user / downloadable scripts to
    customise the UI / scripting processing.

    My concern with simply embedding python is that this
    would give arbitrary scripts the ability to make
    system level changes (e.g. destructive abilities using
    file access). As I wish to encourage scripts to be
    shared across the Internet this could not be
    tolerated.

    Python provides a very good script language to which I
    can expose application specific functions/objects
    using the already documented methods. To use Python
    with the above security restrictions I would need to
    be able to disable all file / system built-ins when
    running the interpreter across user scripts. In
    addition, importing C/C++ functions would have to be
    disabled as well. As a complication, a set of
    'approved C/C++ functions' such as numpy would need to
    be supported in order to allow the user to do 'useful
    processing' within the scripts driving the
    application.

    My naive solution would be to customise the
    'PyImport_Import' and 'PyObject_CallObject' routines
    used with user scripts so that:
    --- an imported C/C++ module would be checked against
    an approved list to prevent arbitrary C/C++ code from
    being executed
    --- built-in function calls would be checked against
    an approved list to prevent system damaging calls from
    being made
    --- the application API that is exposed to the user
    code must not expose to scripts a way of damaging
    anything more than the data currently being
    'processed'
    --- the application would have to ensure that user
    code is only executed within the secure interpreter
    scope (e.g. not use callbacks to user script code
    outside the secure interpreter)

    Has the necessary secure python interpreter already
    been created / a work in progress?

    Many thanks for any advice you can give me,
    Richard

    Richard Dwan, Jan 2, 2007
    #1
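    The allowlist scheme Richard sketches (checked imports, a reduced set of built-ins, a single exposed application object), as an added Python example that is not code from the thread; the module and built-in lists, the `app` object and the sample scripts are constructed here. It shows the mechanism only: it limits which names a script starts with, not which objects are reachable from them, which is why the reply below says there is no reliable way to do this in Python.

```python
import builtins

# Constructed allowlists for illustration; a real host would choose its own.
APPROVED_MODULES = frozenset({"math", "json"})
APPROVED_BUILTINS = ("abs", "len", "range", "min", "max", "sum", "sorted",
                     "str", "int", "float", "list", "dict", "tuple", "print")


class SandboxViolation(Exception):
    """A script asked for something outside the allowlist."""


def _guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Replacement __import__: refuse anything not in APPROVED_MODULES."""
    # Judge the top-level package only, so 'json.decoder' is judged as 'json'.
    if level != 0 or name.split(".")[0] not in APPROVED_MODULES:
        raise SandboxViolation(f"import of {name!r} refused")
    return builtins.__import__(name, globals, locals, fromlist, level)


def run_user_script(source, api=None):
    """Exec `source` with only allowlisted builtins and the host `api` visible.

    Returns the script's global namespace so the host can read results back.
    Only the starting names are restricted; objects reachable from those
    names (and from `api`) are not, so this is not a security boundary.
    """
    restricted = {n: getattr(builtins, n) for n in APPROVED_BUILTINS}
    restricted["__import__"] = _guarded_import  # import statements call this
    namespace = {"__builtins__": restricted, "app": api}
    exec(compile(source, "<user-script>", "exec"), namespace)
    return namespace


def check(source, api=None):
    """Run a script and report ('ok', namespace) or ('refused', exception)."""
    try:
        return ("ok", run_user_script(source, api))
    except (SandboxViolation, NameError) as exc:
        return ("refused", type(exc).__name__)


if __name__ == "__main__":
    # Constructed sample scripts: one benign, two that touch disallowed names.
    print(check("import math\nresult = math.sqrt(16)")[1]["result"])   # 4.0
    print(check("import os\nos.listdir('.')"))       # refused, SandboxViolation
    print(check("f = open('notes.txt')"))            # refused, NameError
```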

  2. Paul Rubin

    Paul Rubin Guest

    Richard Dwan <> writes:
    > My question is; is there a secure python interpreter
    > that prevents malicious code from using C/C++ modules
    > or built-in functions from causing damage to a users
    > system.


    You mean like a java sandbox? There used to be one in Python (the
    rexec/Bastion modules) but they were removed for security reasons
    (i.e. they weren't secure and there was no way to fix the holes).
    There seems to currently be no really reliable way to do what you're
    asking. Your best bet may be either a small JVM, or a very limited
    special purpose language that you could implement in Python.
    Paul Rubin, Jan 2, 2007
    #2