[Zope] Script (Python) insecure ?

Andreas Jung lists at zopyx.com
Sat Aug 16 07:39:37 EDT 2008



--On 16. August 2008 13:11:13 +0200 "M.-A. Lemburg" <mal at egenix.com> wrote:


>
> In my experience, attempts to create a sandbox that protects
> sufficiently against unwanted resource usage are either too
> restrictive and slow to make them useful or have problems
> preventing DOS attacks.

I think you can't solve the issue with the standard technology we have in 
CPython. I remember that Python once had a restricted execution 
environment. Wasn't it buggy as hell? RestrictedPython of Zope surely has 
similar problems. As with all such restricted execution environments (not 
only in Zope): they are attackable.

> It's usually a lot better (and more efficient) to use trusted
> code only.

Definitely. A common development pattern is the usage of CMF and 
portal_skins where you work with PythonScripts on the filesystem.
The scripts themselves still run under the control of RestrictedPython; 
however, the whole development model can be regarded as being trusted.


>
> BTW: The reason why I had a look at these was that Chris Withers
> mentioned at EuroPython that they are currently causing delays
> in the Python 2.5 adoption (or at least are one of the reasons
> for them).
>

Is Chris' talk somewhere online?

Andreas