[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython
Dieter Maurer
dieter at handshake.de
Thu Nov 22 15:21:41 EST 2007
Chris Withers wrote at 2007-11-22 17:08 +0000:
>Dieter Maurer wrote:
>> Chris Withers wrote at 2007-11-20 23:55 +0000:
>>> Dieter Maurer wrote:
>>>> You execute their code in a "globals" the "__builtins__" of which
>>>> contains precisely the builtins you want to give them.
>>> unfortunately that still leaves the import problems, correct?
>>
>> The "import" "command" is mapped to the "__import__" builtin.
>>
>> Thus, changing the "__import__" builtin....
>
>Hmmm, looking into this more. I think fiddling with supplying
>__builtins__ and __import__ is susceptible to those being deleted from
>the local or global namespace and so being replaced by ones from the
>above namespace.
>
>Am I right in seeing those as security risks? These seem to be some of
>the reasons rexec and bastion were dropped from python:
There have been reasons why Python no longer promisses a
secure restricted environment....
>
>http://bugs.python.org/issue577530
When you look carefully, you see that this problem has been fixed.
>http://mail.python.org/pipermail/python-dev/2002-December/031160.html
You handle this with security proxied objects, right?
Security questions are very delicate. Nobody will probably give
you a garantee that the approach is really safe.
--
Dieter
More information about the Zope-Dev
mailing list