[Python-3000] Will we have a true restricted exec environment for python-3000?
Vineet Jain vinj at alumni.rice.edu
Sat Apr 8 16:25:38 CEST 2006
- Previous message: [Python-3000] Will we have a true restricted exec environment for python-3000?
- Next message: [Python-3000] Will we have a true restricted exec environment for python-3000?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Nick Coghlan wrote:
are somewhat staggering, and designing an in-process sandbox to cope with that is a big ask (and demonstrating that the sandbox actually achieves that goal is even tougher). I was thinking along the lines of:
1. Start a "light" python interpreter, which by default will not allow you to import anything, including any of the standard python libraries.
2. This light python interpreter will have hooks around:
   - memory allocation: limit the maximum memory used by the user. So users should not be able to do: [1]*100000000000
   - bytecode execution: limit the time of execution of each python line. Users should not be able to do: while True: i = i + 1
3. Have the ability to transfer objects between the main and the light python interpreter.
    user_interpreters = {}
    for user_name, user_module in all_user_modules:
        pl = python_light(memory_limit_per_instruction="0.1M",
                          execution_limit="2S",
                          memory_limit_interpreter="2M",
                          allow_modules=None)
        pl.load_module(user_module)
        user_interpreters[user_name] = pl

    for user_name in user_interpreters:
        pl = user_interpreters[user_name]
        # application specific function which will set up data
        # to be used by the light python interpreter
        update_global_env(pl)
        try:
            user_function_value = pl.user_function()
        except (Exceeded_Memory_Per_Instruction,
                Exceeded_Execution_Time_Limit,
                Exceeded_Total_Memory_Limit):
            handle_exception()
It is up to the application builder to ensure that any and all modules/objects that are added to the "light" python interpreter are secure.
Vineet
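As an added illustration (not code from Vineet's message or from CPython), this hypothetical `run_limited` sketches the two hooks the message describes inside one process: `sys.settrace` as the bytecode-execution hook with a line-event budget, and `tracemalloc` as the memory hook checked at every line, with `env` standing in for the objects handed from the main interpreter to the guest. It is a cooperative limit rather than a security boundary: a single line that never returns, or allocations outside the traced allocator, get past it, and the exception names are assumed.

```python
import sys
import tracemalloc

class ExceededExecutionLimit(Exception):
    """Guest code used more bytecode 'line' events than its budget."""

class ExceededMemoryLimit(Exception):
    """Guest code's traced allocations exceeded the memory cap."""

def run_limited(source, line_budget, memory_limit_bytes, env=None):
    """Run untrusted `source` under a line budget and a memory cap.
    Hypothetical helper: sys.settrace stands in for the bytecode hook,
    tracemalloc for the allocation hook; `env` is application data handed
    into the guest namespace. Returns that namespace on success."""
    guest_globals = {"__builtins__": {}}  # no builtins, hence no import
    if env:
        guest_globals.update(env)
    code = compile(source, "<guest>", "exec")
    remaining = [line_budget]

    def tracer(frame, event, arg):
        # Invoked for each frame the guest enters and each line it runs.
        if event == "line":
            remaining[0] -= 1
            if remaining[0] < 0:
                raise ExceededExecutionLimit("line budget exhausted")
            _current, peak = tracemalloc.get_traced_memory()
            if peak > memory_limit_bytes:
                raise ExceededMemoryLimit(f"peak {peak} B > cap {memory_limit_bytes} B")
        return tracer  # keep tracing nested frames too

    tracemalloc.start()
    sys.settrace(tracer)
    try:
        exec(code, guest_globals)
    finally:
        sys.settrace(None)  # always detach, even when a limit fires
        tracemalloc.stop()
    return guest_globals

def limit_hit(source, line_budget, memory_limit_bytes):
    """Name of the limit the guest tripped, or None if it finished."""
    try:
        run_limited(source, line_budget, memory_limit_bytes)
    except (ExceededExecutionLimit, ExceededMemoryLimit) as exc:
        return type(exc).__name__
    return None

SPIN = "i = 0\nwhile True:\n    i = i + 1\n"  # constructed: loops forever
HOG = "data = [1] * 2000000\ndone = 1\n"  # constructed: one big allocation
```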