Reputation: 38189
Is there an alternative to rexec for Python sandboxing?
Implementing a 'sandbox' environment in Python used to be done with the rexec module (http://docs.python.org/library/rexec.html). Unfortunately, it has been deprecated/removed due to some security vulnerabilities. Is there an alternative?
My goal is to have Python code execute semi-trusted Python scripts. In a perfect world, calls to any functions outside of a pre-defined set would raise exceptions. From what I've read about rexec's deprecation, this may not be possible. So I'll settle for as much as I can get. I can spawn a separate process to run the scripts, which helps a lot. But they could still abuse I/O or processor/memory resources.
Upvotes: 6
Views: 2658
Answers (3)
Reputation: 2671
Your best bet for security in cPython is using OS-level sandboxing mechanisms and running untrusted code in a separate process constrained by the OS.
This is equivalent to using 'jython with java "sandboxing"', as per the answer above, but probably a little more difficult to configure.
Upvotes: 1
Reputation: 6003
in cpython "sandboxing" for security reasons is a: "don't do that at your company kids"-thing.
try :
- jython with java "sandboxing"
- pypy -> see Answer S.Lott
- maybe ironpython has a solution ?
see Warning:
Warning
In Python 2.3 these modules have been disabled due to various known and not readily fixable security holes. The modules are still documented here to help in reading old code that uses the rexec and Bastion modules.
Upvotes: 2
Related Questions
- How can I sandbox Python in pure Python?
- How can I safely run untrusted python code?
- Sandboxing in Linux
- Creating a secure environment for untrusted python code
- Django: running a python shell in a sandbox environment, similar to rails console --sandbox
- sandboxed python plugins
- Secure Python intepreter?
- Possible to sandbox Python configuration file?
- Sandbox shell programs on time
- Safe Python Environment in Linux