restricted environment

  • Thread starter Gabriele *darkbard* Farina
  • Start date
G

Gabriele *darkbard* Farina

Hi,

I saw the rexec module is deprecated. I need to develop a python
application able to run custom python code based on a configuration
file that tells the path of the script that have to be executed. Those
scripts can be runned simultaneously trought threading module, but the
MUST not have any way to change the base application nor the other
scripts behaviour.

There is a way to reach this point without using rexec? There is a way
to start a python interpreter from python to run the scripts?

My final goal is to develop a simple fastcgi script that, based on
configuration files, is able to host different applications without
need to copy the script for any application and with any risk that the
scripts will ifluence in any way each other.

Any help?

Gabriele
 
P

Paul Rubin

Gabriele *darkbard* Farina said:
There is a way to reach this point without using rexec?

Not without a totally separate interpreter. If rexec were so easy
to fix, they'd fix it.
There is a way to start a python interpreter from python to run the
scripts?

Of course; use os.popen or something like that. Maybe not what you wanted.
My final goal is to develop a simple fastcgi script that, based on
configuration files, is able to host different applications without
need to copy the script for any application and with any risk that the
scripts will ifluence in any way each other.

You really can't. You need a separate interpreter for each user.
 
G

Gabriele *darkbard* Farina

Using a separate interpreter could be a solution, but restarting any
time the interpreter give me too much overhead and the application will
work as slow as a CGI app even if it runs using FastCGI.

Can't I put the interpreter to the starting state any time it finishes
a script execution without restarting it ?

The first attempt to reach my goal was to override the __import__
function to limit it working on modules that can be used and on custom
import directories that can be accessed. Then I executed the scripts
using exec. There is any security problem related to this solution ?

The other problem is about limiting accessible resources ...

Gabriele
 
P

Paul Rubin

Gabriele *darkbard* Farina said:
Using a separate interpreter could be a solution, but restarting any
time the interpreter give me too much overhead and the application will
work as slow as a CGI app even if it runs using FastCGI.

How many users are you talking about? Can you have a separate FastCGI
server for each one, running continuously?
 
K

K.S.Sreeram

Gabriele said:
The first attempt to reach my goal was to override the __import__
function to limit it working on modules that can be used and on custom
import directories that can be accessed. Then I executed the scripts
using exec. There is any security problem related to this solution ?

This won't work. Creating a secure restricted execution environment is
very hard. FYI, there is an ongoing discussion on python-dev about a new
attempt at something like rexec for python 2.6+.

[sreeram;]


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEvyGjrgn0plK5qqURAjFdAJ9Y2T6F1pbkp27ffj/sSHda3NJrhACbBf2M
Tixh+vHX8EbnN9+aJSwU3wc=
=Q/11
-----END PGP SIGNATURE-----
 
G

Gabriele *darkbard* Farina

Paul said:
How many users are you talking about? Can you have a separate FastCGI
server for each one, running continuously?

I could be the last solution, but I'd like to understand if a can use
only one FastCGI server to handle all the scripts that need to run.
This is just to speed up a bit the system, making it possible to share
resources among applications.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,483
Members
44,901
Latest member
Noble71S45

Latest Threads

Top