Non-secure execution environment

R

rogeeff

Hi,

I am C++ guy for the most part and don't know much of Python, so,
please, bear with me if I am asking errrm..idiotic question.

Old rexec module provided kinda 'secure' execution environment. I am
not looking for security at this point. What I need an execution
environment which almost like rexec, but is non-secure.
What I want is:
separate global dictionary,
separate list of imported modules,
separate sys.path
(optionaly) separate __builtins__

I might be able to get away without my own builtins, but the rest I
need.

If it's any help, I plan to use it to execute embedded Python scripts
from C++.

Thanks,

Gennadiy
 
K

Ken Seehart

Hi,

I am C++ guy for the most part and don't know much of Python, so,
please, bear with me if I am asking errrm..idiotic question.

Old rexec module provided kinda 'secure' execution environment. I am
not looking for security at this point. What I need an execution
environment which almost like rexec, but is non-secure.
What I want is:
separate global dictionary,
separate list of imported modules,
separate sys.path
(optionaly) separate __builtins__

I might be able to get away without my own builtins, but the rest I
need.

If it's any help, I plan to use it to execute embedded Python scripts
from C++.

Thanks,

Gennadiy
Click to expand...

As far as I know, you can't make multiple instances of the python
environment from within python, but there is an easier way to get what
you want, given that this is an embedding situation.

See: http://wingware.com/psupport/python-manual/1.5/api/initialization.html

You can use Py_NewInterpreter() to create multiple instances of python,
which should give you the desired effect (though I have not tried this).

- Ken
 
A

Aaron Brady

Hi,

I am C++ guy for the most part and don't know much of Python, so,
please, bear with me if I am asking errrm..idiotic question.

Old rexec module provided kinda 'secure' execution environment. I am
not looking for security at this point. What I need an execution
environment which almost like rexec, but is non-secure.
  What I want is:
  separate global dictionary,
  separate list of imported modules,
  separate sys.path
  (optionaly) separate __builtins__

I might be able to get away without my own builtins, but the rest I
need.

If  it's any help, I plan to use it to execute embedded Python scripts
from C++.

Thanks,

Gennadiy
Click to expand...

It depends what you mean by secure environment. One option is to
create a subprocess, to just limit access your variables. Another is
to compile and examine their code yourself, and prohibit things like
access to the file class, the os module, etc.

I once had some success with removing the Lib folder, leaving only
certain exceptions, but you need a custom 2nd install for that.

In general, there's no good way. Python was designed to free your
mind, not tie your hands.
 
R

rogeeff

It depends what you mean by secure environment.  One option is to
create a subprocess, to just limit access your variables.  Another is
to compile and examine their code yourself, and prohibit things like
access to the file class, the os module, etc.
Click to expand...

I actually need *non-secure* execution environment. I just want
several independent ones.

Gennadiy
 
A

Aaron Brady

I actually need *non-secure* execution environment. I just want
several independent ones.

Gennadiy
Click to expand...

Oh. Ken gave you a good answer then. You can also check out the
'subprocess' and 'multiprocessing' modules. Any closer?
 
R

rogeeff

As far as I know, you can't make multiple instances of the python
environment from within python,
Click to expand...

How about rexec? It's almost there. It just enforces some restrictions
I do not need. The problem as I see it is that I need custom import
operator to maintain separate "imported modules" list. The custom
import required separate __builtins__ dictionary and that cause the
Python C implementation to choke on access to the restricted
attributes.

Would I be able to have custom import without updating builtins, I'd
get what I need. But I do not know how to achieve this.
but there is an easier way to get what
you want, given that this is an embedding situation.
Click to expand...
See:http://wingware.com/psupport/python-manual/1.5/api/initialization.html
Click to expand...

I am using Python 2.4, if it's matter
You can use Py_NewInterpreter() to create multiple instances of python,
which should give you the desired effect (though I have not tried this).
Click to expand...

What do I do with pointer generated by this function? How do I execute
anything inside this interpreter?

Also I am not sure how will this work with Boost.Python I am
employing.

Gennadiy
 
R

rogeeff

If anyone is interested I end up using rexec kinda class with only
difference that i am using native __builtin__ and resetting __import__
hook to and from local r_import implementation before and after I am
executing code in my environment.

Gennadiy
 
R

rogeeff

If anyone is interested I end up using rexec kinda class with only
difference that i am using native __builtin__ and resetting __import__
hook to and from local r_import implementation before and after I am
executing code in my environment.

Gennadiy
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

securing a python execution environment... 4
Newbie query about secure embedded python 1
whassup? builtins? python3000? Naah can't be right? 3
Is this the "right" way to do rexec? 1
sandbox python via module loader 0
Python ORMs Supporting POPOs and Substituting Layers in Django 10
Safe eval critique (homework done) 0
Re. suid/sudo in python 3

Members online

Total: 28 (members: 2, guests: 26)
Robots: 174

Forum statistics

Threads
473,774
Messages
2,569,599
Members
45,165
Latest member
JavierBrak

Latest Threads

Top