restricted environment

Discussion in 'Python' started by Gabriele *darkbard* Farina, Jul 20, 2006.

  1. Hi,

    I saw the rexec module is deprecated. I need to develop a python
    application able to run custom python code based on a configuration
    file that tells the path of the script that have to be executed. Those
    scripts can be runned simultaneously trought threading module, but the
    MUST not have any way to change the base application nor the other
    scripts behaviour.

    There is a way to reach this point without using rexec? There is a way
    to start a python interpreter from python to run the scripts?

    My final goal is to develop a simple fastcgi script that, based on
    configuration files, is able to host different applications without
    need to copy the script for any application and with any risk that the
    scripts will ifluence in any way each other.

    Any help?

    Gabriele
    Gabriele *darkbard* Farina, Jul 20, 2006
    #1
    1. Advertising

  2. Gabriele *darkbard* Farina

    Paul Rubin Guest

    "Gabriele *darkbard* Farina" <> writes:
    > There is a way to reach this point without using rexec?


    Not without a totally separate interpreter. If rexec were so easy
    to fix, they'd fix it.

    > There is a way to start a python interpreter from python to run the
    > scripts?


    Of course; use os.popen or something like that. Maybe not what you wanted.

    > My final goal is to develop a simple fastcgi script that, based on
    > configuration files, is able to host different applications without
    > need to copy the script for any application and with any risk that the
    > scripts will ifluence in any way each other.


    You really can't. You need a separate interpreter for each user.
    Paul Rubin, Jul 20, 2006
    #2
    1. Advertising

  3. Using a separate interpreter could be a solution, but restarting any
    time the interpreter give me too much overhead and the application will
    work as slow as a CGI app even if it runs using FastCGI.

    Can't I put the interpreter to the starting state any time it finishes
    a script execution without restarting it ?

    The first attempt to reach my goal was to override the __import__
    function to limit it working on modules that can be used and on custom
    import directories that can be accessed. Then I executed the scripts
    using exec. There is any security problem related to this solution ?

    The other problem is about limiting accessible resources ...

    Gabriele
    Gabriele *darkbard* Farina, Jul 20, 2006
    #3
  4. Gabriele *darkbard* Farina

    Paul Rubin Guest

    "Gabriele *darkbard* Farina" <> writes:
    > Using a separate interpreter could be a solution, but restarting any
    > time the interpreter give me too much overhead and the application will
    > work as slow as a CGI app even if it runs using FastCGI.


    How many users are you talking about? Can you have a separate FastCGI
    server for each one, running continuously?
    Paul Rubin, Jul 20, 2006
    #4
  5. Gabriele *darkbard* Farina

    faulkner Guest

    http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/496746
    When you think of modifying the interpreter, think of the compiler
    module.


    Gabriele *darkbard* Farina wrote:
    > Hi,
    >
    > I saw the rexec module is deprecated. I need to develop a python
    > application able to run custom python code based on a configuration
    > file that tells the path of the script that have to be executed. Those
    > scripts can be runned simultaneously trought threading module, but the
    > MUST not have any way to change the base application nor the other
    > scripts behaviour.
    >
    > There is a way to reach this point without using rexec? There is a way
    > to start a python interpreter from python to run the scripts?
    >
    > My final goal is to develop a simple fastcgi script that, based on
    > configuration files, is able to host different applications without
    > need to copy the script for any application and with any risk that the
    > scripts will ifluence in any way each other.
    >
    > Any help?
    >
    > Gabriele
    faulkner, Jul 20, 2006
    #5
  6. Gabriele *darkbard* Farina

    K.S.Sreeram Guest

    Gabriele *darkbard* Farina wrote:
    > The first attempt to reach my goal was to override the __import__
    > function to limit it working on modules that can be used and on custom
    > import directories that can be accessed. Then I executed the scripts
    > using exec. There is any security problem related to this solution ?


    This won't work. Creating a secure restricted execution environment is
    very hard. FYI, there is an ongoing discussion on python-dev about a new
    attempt at something like rexec for python 2.6+.

    [sreeram;]


    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.2.2 (MingW32)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

    iD8DBQFEvyGjrgn0plK5qqURAjFdAJ9Y2T6F1pbkp27ffj/sSHda3NJrhACbBf2M
    Tixh+vHX8EbnN9+aJSwU3wc=
    =Q/11
    -----END PGP SIGNATURE-----
    K.S.Sreeram, Jul 20, 2006
    #6
  7. Paul Rubin wrote:
    > "Gabriele *darkbard* Farina" <> writes:
    > > Using a separate interpreter could be a solution, but restarting any
    > > time the interpreter give me too much overhead and the application will
    > > work as slow as a CGI app even if it runs using FastCGI.

    >
    > How many users are you talking about? Can you have a separate FastCGI
    > server for each one, running continuously?


    I could be the last solution, but I'd like to understand if a can use
    only one FastCGI server to handle all the scripts that need to run.
    This is just to speed up a bit the system, making it possible to share
    resources among applications.
    Gabriele *darkbard* Farina, Jul 20, 2006
    #7
  8. Gabriele *darkbard* Farina, Jul 20, 2006
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. SamIAm
    Replies:
    1
    Views:
    452
    Ed Gibbs
    Dec 4, 2003
  2. =?Utf-8?B?Q2FybG8gTWFyY2hlc29uaQ==?=

    Comment Web page is restricted site

    =?Utf-8?B?Q2FybG8gTWFyY2hlc29uaQ==?=, Oct 7, 2004, in forum: ASP .Net
    Replies:
    0
    Views:
    340
    =?Utf-8?B?Q2FybG8gTWFyY2hlc29uaQ==?=
    Oct 7, 2004
  3. Magnus Blomberg

    Simple website with open and restricted area

    Magnus Blomberg, Feb 20, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    2,004
    Magnus Blomberg
    Feb 20, 2006
  4. Pavel
    Replies:
    1
    Views:
    5,947
    Pavel
    Nov 14, 2003
  5. Replies:
    5
    Views:
    637
Loading...

Share This Page