Restricted Access

Discussion in 'Python' started by iapain, Jul 10, 2006.

  1. iapain

    iapain Guest

    I'm developing a web IDE for Python and I have 2 questions regarding it.

    1. How can I disable some of the modules without deleting them? E.g. I wish
    to disable the "os" module.
    2. How can I force user code to access only his particular folder? I
    don't want to create users in Unix, e.g.

    fp = open(PATH, 'w')  # If this PATH is defined then the user can access files, else he can't

    Is there any way?

    Regards!
    iapain
    iapain, Jul 10, 2006
    #1

  2. iapain

    Tim Chase Guest

    > 1. How can I disable some of the modules without deleting them? E.g. I wish
    > to disable the "os" module.


    If you're prepared for the massive breakage that will ensue, you can

    chmod go-rwx /usr/lib/python2.3/os.*

    (assuming *nix as you later detail).

    > 2. How can I force user code to access only his particular folder? I
    > don't want to create users in Unix, e.g.


    Well, you can create a chroot jail for each user that contains a
    clone of your /usr/{lib/python2.3/,bin/,usr/bin/} directories.
    You'd have to include any other executables that the user would
    need (important stuff like ls, cp, mv, mkdir, rmdir,
    cvs/ci/co/rcs/svn, etc.). This would ensure that each user doesn't
    access anything that you haven't explicitly copied into their
    jail. Another alternative might just be to copy the python
    libraries to some place in the user's homedir (whatever their
    original library path was), revoke non-user execute privs
    from the python executable ("chmod go-x `which python`"), and then
    change python to be a script that runs something like "chroot
    $HOME/ python $@". Allow per-user access to this script via sudo.

    Just a couple ideas you might try.

    -tkc
    Tim Chase, Jul 10, 2006
    #2

  3. iapain

    iapain Guest

    Tim Chase wrote:
    > If you're prepared for the massive breakage that will ensue, you can
    >
    > chmod go-rwx /usr/lib/python2.3/os.*


    No, I can't change permissions or delete the module; the best would be
    something to detect 'import os' in user code .. but if I go with the chroot
    jail approach then everything will be like what I want. But the chroot jail
    approach would take much space on the web server; what would happen if the
    number of users is large?

    > Another alternative might just be to copy the python
    > libraries to some place in the user's homedir (whatever their
    > original library path was), revoke non-user execute privs
    > from the python executable ("chmod go-x `which python`"), and then
    > change python to be a script that runs something like "chroot
    > $HOME/ python $@". Allow per-user access to this script via sudo.


    It has the same problem. The idea on which I am working is a
    web IDE (which I already created) and a user file system (on which I am
    working now) so that each user can access Python globally and files
    from his own folder, without adding them to the Unix user list.

    Best!
    iapain, Jul 10, 2006
    #3
  4. "iapain" wrote:

    > No, I can't change permissions or delete the module; the best would be
    > something to detect 'import os' in user code ..


    trust me, implementing a restricted execution model for Python that actually
    works is a *lot* harder than that.

    googling for "python restricted execution" might give you some clues.

    </F>
    Fredrik Lundh, Jul 11, 2006
    #4
  5. iapain

    iapain Guest

    > googling for "python restricted execution" might give you some clues.

    I've already assumed that there is no rexec for me as I am using Python
    2.4. Yeah, it's much more difficult than my imagination. Should I go for
    alternatives like
    1. Assume everyone who is using this web IDE won't corrupt the system
    2. Use some tricks to encrypt the user path and do lots of replacement
    on user code and output.

    or something else?

    Best!
    iapain
    iapain, Jul 11, 2006
    #5
  6. "iapain" wrote:

    > I've already assumed that there is no rexec for me as I am using Python
    > 2.4. Yeah, it's much more difficult than my imagination. Should I go for
    > alternatives like
    > 1. Assume everyone who is using this web IDE won't corrupt the system
    > 2. Use some tricks to encrypt the user path and do lots of replacement
    > on user code and output.
    >
    > or something else?


    unless you're willing to build a restricted runtime that runs on top of the core
    interpreter, you should assume that anyone writing a Python script that's executed by
    your program has access to everything that your Python process has access to...

    </F>
    Fredrik Lundh, Jul 11, 2006
    #6
  7. iapain

    iapain Guest

    > unless you're willing to build a restricted runtime that runs on top of the core
    > interpreter, you should assume that anyone writing a Python script that's executed by
    > your program has access to everything that your Python process has access to...


    I think using replacements I can ban at least the OS module, and about files,
    either I should ban file open or write my own module, something like
    rexec; truthfully I don't know if I can write that one or not. I was
    thinking that this was going to take a few days but it is looking much more difficult.
    Thanks Fred, for the nice tutorials on the web!
    iapain, Jul 11, 2006
    #7
  8. On Tue, 11 Jul 2006 06:21:39 -0700, iapain wrote:

    >> unless you're willing to build a restricted runtime that runs on top of the core
    >> interpreter, you should assume that anyone writing a Python script that's executed by
    >> your program has access to everything that your Python process has access to...
    >
    > I think using replacements I can ban at least the OS module, and about files,


    How are you planning on banning the module? Are you thinking about using
    source code scanning to detect risky code?

    What about modules which export os? It's one thing to "ban" os, but
    did you remember to ban glob.os? How about site.os? And netrc.os? And and
    and and...

    What about this line of code?

    my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))


    Creating a restricted execution environment is *hard*. As far as I know,
    even Microsoft has never attempted it. And for all of Sun's resources and
    talent, security holes are sometimes found even in Java.



    --
    Steven
    Steven D'Aprano, Jul 11, 2006
    #8
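
The three cases raised in this post (a plain `import os`, a module that re-exports `os`, and the computed `__import__` name), run through two scanners. This is an added example and not part of any post in the thread; `naive_scan`, `ast_scan`, `BANNED` and `SAMPLES` are names assumed for the illustration, and the sample sources are constructed from the snippets quoted above.

```python
import ast

BANNED = {"os"}

# Constructed sample inputs, taken from the cases named in the post above.
SAMPLES = {
    "direct": "import os",
    "reexport": "import glob\nx = glob.os",
    "computed": "my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))",
}

def naive_scan(source):
    """The substring test the original poster had in mind."""
    return "import os" in source

def ast_scan(source):
    """Walk the syntax tree and return (kind, detail) findings."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            findings += [("import", a.name) for a in node.names
                         if a.name.split(".")[0] in BANNED]
        elif isinstance(node, ast.ImportFrom):
            if node.module and node.module.split(".")[0] in BANNED:
                findings.append(("import", node.module))
        elif isinstance(node, ast.Attribute) and node.attr in BANNED:
            # Catches glob.os, site.os, netrc.os: any attribute literally named "os".
            findings.append(("attribute", node.attr))
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
              and node.func.id == "__import__"):
            arg = node.args[0] if node.args else None
            if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                if arg.value.split(".")[0] in BANNED:
                    findings.append(("import", arg.value))
            else:
                # The module name only exists at run time; a static pass
                # cannot tell what will be imported and can only refuse.
                findings.append(("dynamic-import", "name computed at run time"))
    return findings

if __name__ == "__main__":
    for label, src in SAMPLES.items():
        print(label, naive_scan(src), ast_scan(src))
```

The substring test passes two of the three samples untouched. The tree walk flags all three, but for the computed name it has no answer beyond rejecting every dynamic import, which makes it a lint for honest users and not a security boundary.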
  9. iapain

    iapain Guest


    > my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))


    That's a really smart way; yeah, I had a plan to scan and detect but I think
    it's not going to work.

    > Creating a restricted execution environment is *hard*. As far as I know,
    > even Microsoft has never attempted it. And for all of Sun's resources and
    > talent, security holes are sometimes found even in Java.


    Does that mean there is no way to implement a restricted environment?

    Best!
    iapain
    iapain, Jul 11, 2006
    #9
  10. In article <>,
    iapain <> wrote:
    .
    .
    .
    >Does that mean there is no way to implement a restricted environment?

    .
    .
    .
    The most knowledgeable people have effectively given up, in
    regard to Python.

    As it happens, though, Tcl *does* admit quite an interesting
    restricted-execution model. Tcl was widely used in the '90s
    for "agent" experiments, and its "safe interpreters" are
    arguably more reliable than Java's restricted environment.
    Tcl is also roughly comparable to Python in its power and
    convenience for the individual developer. Should you want to
    pursue this subject, <URL: http://wiki.tcl.tk/safe > and <URL:
    http://wiki.tcl.tk/interp > might interest you.
    Cameron Laird, Jul 11, 2006
    #10
  11. iapain wrote:

    >
    >> my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]]))

    >
    > That's a really smart way; yeah, I had a plan to scan and detect but I think
    > it's not going to work.
    >
    >> Creating a restricted execution environment is *hard*. As far as I know,
    >> even Microsoft has never attempted it. And for all of Sun's resources and
    >> talent, security holes are sometimes found even in Java.

    >
    > Does that mean there is no way to implement a restricted environment?


    In a nutshell: yes, especially if not designed from ground up that way. If
    you need it, the best thing to do is to put some distance between your code
    and the possibly malicious one, using some RPC.

    Diez
    Diez B. Roggisch, Jul 11, 2006
    #11
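
One way to put the distance described in this post between the web IDE and the submitted code: run it in a separate interpreter process and pass only plain data back. This is an added example and not part of any post in the thread; `run_untrusted`, the limit values and the result keys are assumptions, and it relies on the Unix-only `resource` module. The child still runs under the same Unix account as its parent, so confining file access needs a separate account or the chroot approach from earlier in the thread.

```python
import resource
import subprocess
import sys
import tempfile

CPU_SECONDS = 1            # assumed CPU budget per run
MAX_FILE_BYTES = 1 << 20   # assumed cap on any file the child writes
MAX_OUTPUT = 4096          # characters of output handed back to the caller

def _cap(res, value):
    """Lower one rlimit to `value`, never above the existing hard limit."""
    _, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))

def _child_limits():
    # Runs in the child between fork and exec, so the limits bind
    # only the submitted code, not the web application.
    _cap(resource.RLIMIT_CPU, CPU_SECONDS)
    _cap(resource.RLIMIT_FSIZE, MAX_FILE_BYTES)

def run_untrusted(source, wall_timeout=5):
    """Execute `source` in a fresh interpreter; return plain data about the run."""
    with tempfile.TemporaryDirectory() as workdir:
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "-c", source],  # -I: isolated mode
                cwd=workdir,               # scratch directory, deleted afterwards
                env={},                    # no inherited environment variables
                stdin=subprocess.DEVNULL,
                capture_output=True, text=True,
                timeout=wall_timeout,      # wall clock: covers code that sleeps
                preexec_fn=_child_limits,
            )
        except subprocess.TimeoutExpired:
            return {"exit": None, "timed_out": True, "stdout": "", "stderr": ""}
    return {"exit": proc.returncode, "timed_out": False,
            "stdout": proc.stdout[:MAX_OUTPUT], "stderr": proc.stderr[:MAX_OUTPUT]}

if __name__ == "__main__":
    print(run_untrusted("print(6 * 7)"))
    print(run_untrusted("while True: pass"))   # stopped by the CPU limit
```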
  12. iapain

    K.S.Sreeram Guest

    Steven D'Aprano wrote:
    > Creating a restricted execution environment is *hard*. As far as I know,
    > even Microsoft has never attempted it. And for all of Sun's resources and
    > talent, security holes are sometimes found even in Java.


    Java is not the only restricted execution environment around.
    Javascript, as implemented by most browsers, is an excellent lightweight
    restricted execution environment, and there are many browsers which have
    good implementations.

    Regards
    Sreeram


    K.S.Sreeram, Jul 11, 2006
    #12
  13. iapain

    iapain Guest

    > The most knowledgeable people have effectively given up, in
    > regard to Python.


    I guess now I am left with only one option, i.e. hope that user input code
    won't be evil to the system. **which is rarely possible**
    iapain, Jul 11, 2006
    #13
  14. iapain

    Paul Rubin Guest

    "K.S.Sreeram" <> writes:
    > Java is not the only restricted execution environment around.
    > Javascript, as implemented by most browsers, is an excellent lightweight
    > restricted execution environment, and there are many browsers which have
    > good implementations.


    And we hear about browser security bugs all the time, for which the
    workaround is "shut off javascript".
    Paul Rubin, Jul 11, 2006
    #14
  15. iapain

    Georg Brandl Guest

    Cameron Laird wrote:
    > In article <>,
    > iapain <> wrote:
    > .
    > .
    > .
    >>Does that mean there is no way to implement a restricted environment?

    > .
    > .
    > .
    > The most knowledgeable people have effectively given up, in
    > regard to Python.


    Brett Cannon is currently trying to come up with a comprehensive spec
    and implementation of a sandboxed Python interpreter, for use in
    Mozilla as a JavaScript replacement. (look in the python-dev archives
    for more)

    Georg
    Georg Brandl, Jul 11, 2006
    #15
  16. iapain

    iapain Guest

    > Brett Cannon is currently trying to come up with a comprehensive spec
    > and implementation of a sandboxed Python interpreter, for use in
    > Mozilla as a JavaScript replacement. (look in the python-dev archives
    > for more)


    I'm not sure whether he is working on it or not; the latest I read was that
    he proposed a new restricted environment for Python.

    Best!
    iapain, Jul 11, 2006
    #16
  17. iapain

    gene tani Guest

    gene tani, Jul 11, 2006
    #17
  18. iapain

    Dave Hansen Guest

    On 11 Jul 2006 10:19:22 -0700 in comp.lang.python, Paul Rubin
    <http://> wrote:

    >"K.S.Sreeram" <> writes:
    >> Java is not the only restricted execution environment around.
    >> Javascript, as implemented by most browsers, is an excellent lightweight
    >> restricted execution environment, and there are many browsers which have
    >> good implementations.

    >
    >And we hear about browser security bugs all the time, for which the
    >workaround is "shut off javascript".


    And Java...

    Regards,

    -=Dave

    --
    Change is inevitable, progress is not.
    Dave Hansen, Jul 11, 2006
    #18
  19. iapain

    K.S.Sreeram Guest

    Paul Rubin wrote:
    > "K.S.Sreeram" <> writes:
    >> Java is not the only restricted execution environment around.
    >> Javascript, as implemented by most browsers, is an excellent lightweight
    >> restricted execution environment, and there are many browsers which have
    >> good implementations.

    >
    > And we hear about browser security bugs all the time, for which the
    > workaround is "shut off javascript".


    They all have bugs (including Java), but at least the architecture itself
    isn't flawed (unlike, say, ActiveX).

    Anyway, the point I was trying to make is that Sun is not the only one
    to have implemented a restricted execution environment. Opera, Mozilla,
    Safari etc. have all done it.

    Regards
    Sreeram

    K.S.Sreeram, Jul 12, 2006
    #19
  20. On 11 Jul 2006 07:55:52 -0700, "iapain" <> declaimed the
    following in comp.lang.python:

    >
    > Does that mean there is no way to implement a restricted environment?
    >

    Do you have an IBM s/370 running VM/CMS? VM was sort of an OS for
    running multiple OSs, so it would be the "restricted environment" <G>

    Of course, getting Python to build is another matter (native
    scripting language since the mid-80s is REXX).
    --
    Wulfraed Dennis Lee Bieber KD6MOG

    HTTP://wlfraed.home.netcom.com/
    (Bestiaria Support Staff: )
    HTTP://www.bestiaria.com/
    Dennis Lee Bieber, Jul 12, 2006
    #20