[Python-checkins] r54897 - python/branches/bcannon-objcap/BRANCH_NOTES python/branches/bcannon-objcap/secure_python.c (original) (raw)
brett.cannon python-checkins at python.org
Sat Apr 21 01:54:39 CEST 2007
- Previous message: [Python-checkins] r54896 - peps/trunk/pep-3119.txt
- Next message: [Python-checkins] r54898 - in python/branches/bcannon-objcap: BRANCH_NOTES Python/pythonrun.c secure_python.c
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Author: brett.cannon Date: Sat Apr 21 01:54:38 2007 New Revision: 54897
Added: python/branches/bcannon-objcap/secure_python.c (contents, props changed) Modified: python/branches/bcannon-objcap/BRANCH_NOTES Log: Begin a proof-of-concept app that embeds the Python interpreter in a secure fashion.
Need to move changes made in Py_Initialize() over to the embedded app so that proper building of Python and all extensions can occur.
Modified: python/branches/bcannon-objcap/BRANCH_NOTES
--- python/branches/bcannon-objcap/BRANCH_NOTES (original) +++ python/branches/bcannon-objcap/BRANCH_NOTES Sat Apr 21 01:54:38 2007 @@ -6,12 +6,15 @@
Status
-Working on an interpreter-wide security model for Python. This is not a -replacement for rexec but should allow someone who embeds Python to be able to -execute Python code safely. +* Create app that embeds Python + + Move changes in Py_Initialize() to app. +* Remove dangerous built-ins. +* Turn on whitelisting. +* Write tests.
References
- securing_python.txt
- http://docs.google.com/Doc?id=dg7fctr4_4d8tdbq +* http://www.cs.ubc.ca/~drifty/papers/python_security.pdf
Added: python/branches/bcannon-objcap/secure_python.c
--- (empty file) +++ python/branches/bcannon-objcap/secure_python.c Sat Apr 21 01:54:38 2007 @@ -0,0 +1,17 @@ +/*
- Proof-of-concept application that embeds Python with security features
- turned on to prevent unmitigated access to resources.
- XXX See BRANCH_NOTES for what needs to be done. +*/ +#include "Python.h"
- +int +main(int argc, char *argv[]) +{
- Py_Initialize();
- Py_Main(argc, argv);
- Py_Finalize();
- return 0;
+}
- Previous message: [Python-checkins] r54896 - peps/trunk/pep-3119.txt
- Next message: [Python-checkins] r54898 - in python/branches/bcannon-objcap: BRANCH_NOTES Python/pythonrun.c secure_python.c
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]