Aaron "Castironpi" Brady
Sometimes questions come up on here about unpickling safely and
executing foreign code. I was thinking a minimum install that didn't
even have access to modules like 'os' could be safe. (Potentially.)
I have time to entertain this a little, though all the devs are busy.
I can bring it up again in a few months if it's a better time.
I browsed for info on 'rexec'. Two c-l-py threads:
http://mail.python.org/pipermail/python-dev/2002-December/031160.html
http://mail.python.org/pipermail/python-dev/2003-January/031848.html
A lot of modules would have to go. <Long list> IPC modules:
subprocess, socket, signal, popen2, asyncore, asynchat. ctypes, mmap,
platform.popen, glob, shutil, dircache, and many more</Long>.
I tested it out. I renamed the 'Lib' directory and ran.
'import site' failed; use -v for traceback
Python 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC v.1310 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
NameError: name 'file' is not defined
Even a function created from raw bytecode string can't do anything
without __import__ or 'open'. And you can't get a second instance
running without subprocess or os.system.
'rexec' may be full of swiss cheese and irreparable, but maybe it
would work to start from bare-bones and add pieces known to be safe.
This sort of thing wouldn't need any standard library support either,
I don't think.
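
Added example, not part of the original post: the "start from bare-bones and add pieces known to be safe" idea applied to the unpickling question, using the `find_class` hook of Python 3's `pickle.Unpickler`. The `SAFE_GLOBALS` set, the helper names and the sample pickles are constructed for illustration.

```python
import collections
import io
import pickle

# Allow-list of (module, name) globals a pickle may reference.
# Constructed for this example; start empty and add only what your data needs.
SAFE_GLOBALS = {
    ("builtins", "set"),
    ("builtins", "frozenset"),
    ("builtins", "complex"),
    ("collections", "OrderedDict"),
}


class AllowListUnpickler(pickle.Unpickler):
    """Unpickler that resolves only globals named in SAFE_GLOBALS."""

    def find_class(self, module, name):
        # Every GLOBAL / STACK_GLOBAL opcode is resolved through this hook,
        # so refusing here stops the import before any callable is returned.
        if (module, name) in SAFE_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(
            "global %s.%s is not on the allow-list" % (module, name)
        )


def safe_loads(data):
    """Deserialize bytes, rejecting any reference outside SAFE_GLOBALS."""
    return AllowListUnpickler(io.BytesIO(data)).load()


def try_load(data):
    """Return (ok, value_or_reason) so callers can log rejected input."""
    try:
        return True, safe_loads(data)
    except pickle.UnpicklingError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed samples: plain data, an allowed class, a disallowed global.
    samples = [
        pickle.dumps({"user": "alice", "roles": ["admin"]}),
        pickle.dumps(collections.OrderedDict(a=1)),
        pickle.dumps(len),  # harmless here, but any unlisted builtin is refused
    ]
    for blob in samples:
        print(try_load(blob))
```

The allow-list only controls which globals a pickle can import; it is not a sandbox for running foreign code, and malformed input can still raise other exceptions that `try_load` does not catch.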