Re: Executing untrusted scripts in a sandboxed environment

Discussion in 'Python' started by Chris Angelico, Oct 6, 2012.

  1. On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl <> wrote:
    > Hi all,
    >
    > I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are "flagged" or "approved" for scripting.
    >
    > I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to "embed" a script engine in a sandboxed environment that has access to the Python modules and classes that I provide?


    With extreme difficulty. A while back (couple years maybe? I don't
    remember), I ignored everyone's warnings and tried to make a sandboxed
    Python, embedded in a C++ application. It failed in sandboxing. With
    just some trivial tinkering using Python's introspection facilities, a
    couple of python-list people managed to read and write files, and
    other equally dangerous actions. Shortly thereafter, we solved the
    problem completely... by switching to JavaScript.

    Embedding CPython in an application simply doesn't afford sandboxing.
    To what extent do you actually need to run untrusted Python? Can you,
    for instance, sandbox the entire process (which wasn't an option for
    what we were doing)? Perhaps chrooting the Python interpreter will do
    what you need. But there may still be leaks, I don't know.

    ChrisA
     
    Chris Angelico, Oct 6, 2012
    #1

  2. On Saturday, 6 October 2012 12:49:29 UTC+5:30, Chris Angelico wrote:
    > On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl <> wrote:
    > > Hi all,
    > >
    > > I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are "flagged" or "approved" for scripting.
    > >
    > > I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to "embed" a script engine in a sandboxed environment that has access to the Python modules and classes that I provide?
    >
    > With extreme difficulty. A while back (couple years maybe? I don't
    > remember), I ignored everyone's warnings and tried to make a sandboxed
    > Python, embedded in a C++ application. It failed in sandboxing. With
    > just some trivial tinkering using Python's introspection facilities, a
    > couple of python-list people managed to read and write files, and
    > other equally dangerous actions. Shortly thereafter, we solved the
    > problem completely... by switching to JavaScript.
    >
    > Embedding CPython in an application simply doesn't afford sandboxing.
    > To what extent do you actually need to run untrusted Python? Can you,
    > for instance, sandbox the entire process (which wasn't an option for
    > what we were doing)? Perhaps chrooting the Python interpreter will do
    > what you need. But there may still be leaks, I don't know.
    >
    > ChrisA


    Something like ast.literal_eval may be useful.
     
    Ramchandra Apte, Oct 6, 2012
    #2

  3. On Sat, Oct 6, 2012 at 7:10 PM, Ramchandra Apte <> wrote:
    > On Saturday, 6 October 2012 12:49:29 UTC+5:30, Chris Angelico wrote:
    >> On Sat, Oct 6, 2012 at 8:22 AM, Robin Krahl <> wrote:
    >> > What is the best way to "embed" a script engine in a sandboxed environment that has access to the Python modules and classes that I provide?

    >>
    >> With extreme difficulty.

    >
    > Something like ast.literal_eval may be useful.


    Not really; it's hardly sufficient. That sort of feature is handy for
    making an expression evaluator; for instance, you could implement a
    powerful calculator with it. But it's far too limited for most
    applications.

    The main problem is permitting some of the basic builtins (like True,
    False, len(), etc), without those objects being used as gateways. Did
    you know, for instance, that len.__self__.open() can be used to read
    and write files on the file system?

    ChrisA
     
    Chris Angelico, Oct 6, 2012
    #3
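Added example, not code from anyone in this thread: it shows both points made above, that ast.literal_eval accepts only literals (so it cannot serve as a script engine), and that a small "approved" namespace of builtins still leaks the whole builtins module through introspection attributes such as `len.__self__`. The names `APPROVED`, `helper`, `literal_only`, `reaches_builtins` and `gateways` are assumptions made for this example; the audit reports the gateways, it does not close them, which is the thread's conclusion.

```python
import ast
import builtins

# Constructed example namespace: the kind of "approved" object set the
# original poster wants to expose to untrusted scripts.
def helper(x):
    return x * 2

APPROVED = {"len": len, "abs": abs, "True": True, "False": False, "helper": helper}

# Attributes that introspection can follow from an object back to builtins.
GATEWAY_ATTRS = ("__self__", "__globals__", "__builtins__")
DANGEROUS = {"open", "exec", "eval", "__import__", "compile"}


def literal_only(source):
    """Evaluate source with ast.literal_eval: literals are returned, anything
    involving names, attributes or calls is refused.  Safe, but too limited
    for a general script engine."""
    try:
        return True, ast.literal_eval(source)
    except (ValueError, SyntaxError) as exc:
        return False, type(exc).__name__


def reaches_builtins(target):
    """True when target is the builtins module itself, or a globals dict
    that carries __builtins__ or one of the dangerous names."""
    if target is builtins:
        return True
    if isinstance(target, dict):
        return "__builtins__" in target or bool(DANGEROUS & target.keys())
    return False


def gateways(namespace):
    """List (name, attribute) pairs in an approved namespace from which a
    script could reach the full builtins module, e.g. ("len", "__self__")."""
    found = []
    for name, obj in namespace.items():
        for attr in GATEWAY_ATTRS:
            if reaches_builtins(getattr(obj, attr, None)):
                found.append((name, attr))
    return sorted(found)


if __name__ == "__main__":
    print(literal_only("{'a': [1, 2]}"))       # accepted: a plain literal
    print(literal_only("len.__self__.open"))   # refused: attribute access
    print(gateways(APPROVED))                  # every function in the set leaks
```

Plain values like True and False are not flagged, but every builtin function and every Python-level function is, so filtering the namespace cannot fix this; only isolating the whole process can.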
