Reputation: 971
I am writing a server application with Java servlets and at some point, a Python script that was uploaded by a user has to be executed. Is it possible to create a process with restrictions like only being able to access a certain directory (probably using ProcessBuilder)?
I already had a look at pysandbox, but I am not sure if this alone is a safe enough measure when executing an unknown Python script.
All the script has to do is process a given String using certain libraries and return a String using the print function.
Is my approach correct or is there a better way to execute an unknown script?
Upvotes: 0
Views: 144
Reputation: 34698
As a foreword to my answer, whitelisting and blacklisting only go so far and are proven easily broken by the most determined of hackers. Don't bother with these styles of security.
About as safe as you are going to get is to use pypy-sandbox; it creates an OS-level sandbox and tries to isolate processes that could lead to nasty execution.
For real security you probably want something more like this following model.
Or maybe I am just paranoid.
Upvotes: 1
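An added example, not part of the question or answer above: a Java 11+ launcher covering what ProcessBuilder itself can control for the string-in, string-out case (clean environment, working directory, output cap, timeout). The class name, interpreter path and limits are assumptions; nothing here confines file or network access, which still needs an OS-level sandbox around the process.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.util.concurrent.*;

public class ScriptRunner {                              // hypothetical class name
    static final String PYTHON = "/usr/bin/python3";     // assumed interpreter path
    static final int MAX_OUTPUT_BYTES = 64 * 1024;       // assumed cap on printed output
    static final long TIMEOUT_SECONDS = 5;               // assumed wall-clock limit

    /** Feeds input to the script on stdin and returns what it printed. */
    public static String run(Path script, Path workDir, String input)
            throws IOException, InterruptedException {
        // -I (isolated mode): ignore PYTHON* variables and the user site directory
        ProcessBuilder pb = new ProcessBuilder(PYTHON, "-I", script.toAbsolutePath().toString());
        pb.directory(workDir.toFile());   // sets the cwd only; does NOT restrict file access
        pb.environment().clear();         // keep the servlet container's environment out
        pb.redirectError(ProcessBuilder.Redirect.DISCARD);
        Process p = pb.start();
        try {
            // Read stdout on another thread so a silent or hung script cannot block us
            CompletableFuture<byte[]> out = CompletableFuture.supplyAsync(() -> {
                try (InputStream in = p.getInputStream()) {
                    return in.readNBytes(MAX_OUTPUT_BYTES + 1);   // one extra byte detects overflow
                } catch (IOException e) {
                    throw new UncheckedIOException(e);
                }
            });
            // Input is assumed to be smaller than the OS pipe buffer
            try (OutputStream stdin = p.getOutputStream()) {
                stdin.write(input.getBytes(StandardCharsets.UTF_8));
            }
            byte[] data = out.get(TIMEOUT_SECONDS, TimeUnit.SECONDS);
            if (data.length > MAX_OUTPUT_BYTES) throw new IOException("output limit exceeded");
            if (!p.waitFor(1, TimeUnit.SECONDS) || p.exitValue() != 0)
                throw new IOException("script hung or exited with an error");
            return new String(data, StandardCharsets.UTF_8);
        } catch (TimeoutException e) {
            throw new IOException("script timed out", e);
        } catch (ExecutionException e) {
            throw new IOException("reading script output failed", e.getCause());
        } finally {
            p.descendants().forEach(ProcessHandle::destroyForcibly);  // children it spawned
            p.destroyForcibly();                                      // no-op if already exited
        }
    }
}
```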