Replacement for rexec/Bastion?

Discussion in 'Python' started by Colin Coghill (SFive), Aug 26, 2003.

  1. Hi, a year or so back some students of mine and I wrote some software
    which made use of the rexec module to run untrusted user code relatively
    safely. (We were creating a prototype of a mobile-code style app)

    I'm now working on another project which will need to be able to
    do something similar, and I noticed that rexec and Bastion have been
    withdrawn for (in)security reasons.

    I've searched fairly hard, and have been unable to find any replacement,
    but notice that the source still seems to have some form of restricted
    environment available (involving __builtins__ manipulation), but I can't
    find any documentation or discussion of this.

    Is Python (preferably CPython 2.3) still able to "sandbox" bits of code
    under an application provided API safely?

    Even Jython or Stackless would be ok, I suppose.

    I'd like to be able to have (possibly malicious) users of my software able
    to script behavior using small snippets of python code. Anything from a line
    to maybe a few pages in length each. I can trap endless loops and the like,
    but I need something to stop them just importing sys and raising havoc.

    - Colin
    Colin Coghill (SFive), Aug 26, 2003
    #1
    1. Advertising

  2. "Colin Coghill (SFive)" <> writes:

    [snippety]

    > I'd like to be able to have (possibly malicious) users of my software able
    > to script behavior using small snippets of python code. Anything from a line
    > to maybe a few pages in length each. I can trap endless loops and the like,
    > but I need something to stop them just importing sys and raising havoc.


    Zope's RestrictedPython might be an option.

    Cheers,
    mwh

    --
    how am I expected to quit smoking if I have to deal with NT
    every day -- Ben Raia
    Michael Hudson, Aug 26, 2003
    #2
    1. Advertising

  3. Colin Coghill (SFive) wrote:

    ....

    > Is Python (preferably CPython 2.3) still able to "sandbox" bits of code
    > under an application provided API safely?
    >
    > Even Jython or Stackless would be ok, I suppose.


    I really love to see Stackless mentioned, but I don't
    see how this is related?
    Stackless, due to its ability to pickle and transfer
    executable code, is much more "dangerous" than regular
    Python, if used in the correct "wrong" mode.

    ciao - chris

    --
    Christian Tismer :^) <mailto:>
    Mission Impossible 5oftware : Have a break! Take a ride on Python's
    Johannes-Niemeyer-Weg 9a : *Starship* http://starship.python.net/
    14109 Berlin : PGP key -> http://wwwkeys.pgp.net/
    work +49 30 89 09 53 34 home +49 30 802 86 56 mobile +49 173 24 18 776
    PGP 0x57F3BF04 9064 F4E1 D754 C2FF 1619 305B C09C 5A3B 57F3 BF04
    whom do you want to sponsor today? http://www.stackless.com/
    Christian Tismer, Aug 28, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Colin Coghill (SFive)

    Re: Replacement for rexec/Bastion?

    Colin Coghill (SFive), Aug 27, 2003, in forum: Python
    Replies:
    1
    Views:
    551
    Michael Hudson
    Aug 27, 2003
  2. Michael Chermside

    RE: Replacement for rexec/Bastion?

    Michael Chermside, Aug 27, 2003, in forum: Python
    Replies:
    3
    Views:
    525
    Colin Coghill (SFive)
    Aug 28, 2003
  3. Huaiyu Zhu

    replacement of rexec?

    Huaiyu Zhu, Oct 23, 2003, in forum: Python
    Replies:
    9
    Views:
    320
    John J. Lee
    Nov 5, 2003
  4. Erik Johnson

    recec & Bastion ?

    Erik Johnson, Apr 11, 2007, in forum: Python
    Replies:
    2
    Views:
    259
    Gabriel Genellina
    Apr 12, 2007
  5. Paul Miller

    Bastion/rexec use cases?

    Paul Miller, May 7, 2007, in forum: Python
    Replies:
    3
    Views:
    497
    Paul Boddie
    May 7, 2007
Loading...

Share This Page