Noen
I'm developing a game where the players will program their equipment with
Python. Are there any ways to run insecure code? I don't want the clients
to mess with the server code through their own code, or even DoS the box
by using up too much memory.
Here are some examples of how the equipment should be programmed:
---
# Proximity explosive example
import cpu

explosive = cpu.connection(0x01, "explosive")
motion_detector = cpu.connection(0x02, "explosive")

class Main:
    def __init__(self):
        # Register the handler here, where self is defined
        # (assumes the game's cpu module instantiates Main)
        cpu.reg_event(motion_detector.event_Motion, self.event_Motion)

    def event_Motion(self):
        explosive.trigger(delay=0)

cpu.start()
---
# Broadcast chat equipment
import cpu

terminal = cpu.connection(0x01, "User personal terminal connection")
radio = cpu.connection(0x02, "Radio transceiver")
mem = cpu.connection(0x03, "Memory chip")

# Store a default frequency on first run
if mem.get("FREQ") is None:
    mem.store("FREQ", 12345)

class Main:
    def __init__(self):
        # Register the handlers here, where self is defined
        # (assumes the game's cpu module instantiates Main)
        cpu.reg_event(radio.receive, self.event_Message)
        cpu.reg_event(terminal.input, self.event_Input)

    def event_Message(self, message):
        terminal.write(message + "\r\n")

    def event_Input(self, data):
        if data[0] == "/":
            # Words after the leading slash, e.g. ["channel", "12345"]
            words = data[1:].split()
            if words[0].upper() == "CHANNEL":
                radio.setFreq(int(words[1]))
                mem.store("FREQ", int(words[1]))
        else:
            radio.send(data)
---
I see the following problems:
1. Looping code
Is there any way to avoid this by checking the "eip" within a usercode?
Is it possible to multiplex between user codes to avoid this?
Is it possible to limit execution speed (set the cpu to 5 instructions
per second)?
2. Blocking code / untrusted/insecure code
Is there an effective way to limit the functions available to the usercode?
(perhaps like the Java securityhandler way)
3. Memory DoS
Limiting the storage size (or even forcing the user to store EVERYTHING
in the mem object)
I don't know if this is even possible (without modifying the Python
source, which would force me to perhaps separate server code and user code)
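
An added example, not part of the original post: the CPU and memory ceilings asked about in problems 1 and 3 can be had without modifying the interpreter by running each player script in its own Python process and letting the kernel enforce the limits. It assumes a POSIX host; `run_player_script` and the limit values are hypothetical, and on its own it does not restrict which functions or files the script can reach (problem 2).

```python
# Added example; the function names and limit values are illustrative assumptions.
import os
import resource
import subprocess
import sys
import tempfile

CPU_SECONDS = 1                   # problem 1: a looping script is killed by the kernel
MEMORY_BYTES = 512 * 1024 * 1024  # problem 3: cap on the child's address space
WALL_SECONDS = 5                  # backstop for code that sleeps or blocks
ENV_ALLOW = ("LD_LIBRARY_PATH",)  # nothing else from the server's environment


def _cap(kind, wanted):
    """Lower one rlimit, never asking for more than the inherited hard limit."""
    _, hard = resource.getrlimit(kind)
    if hard != resource.RLIM_INFINITY:
        wanted = min(wanted, hard)
    resource.setrlimit(kind, (wanted, wanted))


def _apply_limits():
    # Runs in the child between fork() and exec(), so the server is unaffected.
    _cap(resource.RLIMIT_CPU, CPU_SECONDS)
    _cap(resource.RLIMIT_AS, MEMORY_BYTES)


def run_player_script(source):
    """Run one player script in a separate interpreter; return (status, stdout)."""
    env = {k: os.environ[k] for k in ENV_ALLOW if k in os.environ}
    with tempfile.TemporaryDirectory() as workdir:
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "-c", source],  # -I: isolated mode
                stdin=subprocess.DEVNULL, capture_output=True, text=True,
                cwd=workdir, env=env, timeout=WALL_SECONDS,
                preexec_fn=_apply_limits,
            )
        except subprocess.TimeoutExpired:
            return "timeout", ""
    if proc.returncode < 0:  # terminated by a signal (SIGXCPU or SIGKILL)
        return "killed", proc.stdout
    return ("ok" if proc.returncode == 0 else "error"), proc.stdout


if __name__ == "__main__":
    # Constructed sample scripts, one per failure mode listed in the post.
    for script in ("print(6 * 7)", "while True: pass", "x = bytearray(2 * 1024**3)"):
        print(repr(script), "->", run_player_script(script))
```

The child here still has the full standard library; a real deployment would also drop privileges and confine file and network access at the OS level, and talk to the game only over the pipe.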