Re: Restricted Access

2006-07-12 Thread iapain
> You'll need to make your own AccessControl/ZopeGuards.py-like module, and > probably subclass the RestrictionMutator to enable/disable certain > functionnality (interdiction of names beginning by '_' for example is hard > coded). Your reply is pretty hopeful, I saw that one, its the only fracti

Re: Restricted Access

2006-07-11 Thread Maric Michaud
Le mercredi 12 juillet 2006 08:17, iapain a écrit : > > I'm having currently working on OS/2 and Linux platform, I've designed > a web based ide for python and i wish to restrict some commands There is a restricted environment in Zope for TTW python scripts and ZPT/DTML . These scripts are run i

Re: Restricted Access

2006-07-11 Thread iapain
> Do you have an IBM s/370 running VM/CMS? VM was sort of an OS for > running multiple OSs, so it would be the "restricted environment" I'm having currently working on OS/2 and Linux platform, I've designed a web based ide for python and i wish to restrict some commands and user can only ac

Re: Restricted Access

2006-07-11 Thread K.S.Sreeram
Paul Rubin wrote: > "K.S.Sreeram" <[EMAIL PROTECTED]> writes: >> Java is not the only restricted execution environment around. >> Javascript, as implemented by most browsers, is an excellent lightweight >> restricted execution environment, and there are many browsers which have >> good implementati

Re: Restricted Access

2006-07-11 Thread Dave Hansen
On 11 Jul 2006 10:19:22 -0700 in comp.lang.python, Paul Rubin wrote: >"K.S.Sreeram" <[EMAIL PROTECTED]> writes: >> Java is not the only restricted execution environment around. >> Javascript, as implemented by most browsers, is an excellent lightweight >> restricted exec

Re: Restricted Access

2006-07-11 Thread gene tani
Georg Brandl wrote: > Cameron Laird wrote: > > In article <[EMAIL PROTECTED]>, > > iapain <[EMAIL PROTECTED]> wrote: > > . > > . > > . > >>Does that mean there is no way to implement restricted enviorment? > > . > >

Re: Restricted Access

2006-07-11 Thread iapain
> Brett Cannon is currently trying to come up with a comprehensive spec > and implementation of a sandboxed Python interpreter, for use in > Mozilla as a JavaScript replacement. (look in the python-dev archives > for more) I'm not sure he is working or not, latest i read was he purposed new restri

Re: Restricted Access

2006-07-11 Thread Georg Brandl
Cameron Laird wrote: > In article <[EMAIL PROTECTED]>, > iapain <[EMAIL PROTECTED]> wrote: > . > . > . >>Does that mean there is no way to implement restricted enviorment? > . > . >

Re: Restricted Access

2006-07-11 Thread Paul Rubin
"K.S.Sreeram" <[EMAIL PROTECTED]> writes: > Java is not the only restricted execution environment around. > Javascript, as implemented by most browsers, is an excellent lightweight > restricted execution environment, and there are many browsers which have > good implementations. And we hear about

Re: Restricted Access

2006-07-11 Thread iapain
> The most knowledgeable people have effectively given up, in > regard to Python. I guess now I am up with only one option, i.e hope that user input code wont be evil to the system. **which is rarely possible** -- http://mail.python.org/mailman/listinfo/python-list

Re: Restricted Access

2006-07-11 Thread K.S.Sreeram
Steven D'Aprano wrote: > Creating a restricted execution environment is *hard*. As far as I know, > even Microsoft has never attempted it. And for all of Sun's resources and > talent, security holes are sometimes found even in Java. Java is not the only restricted execution environment around. Jav

Re: Restricted Access

2006-07-11 Thread Cameron Laird
In article <[EMAIL PROTECTED]>, iapain <[EMAIL PROTECTED]> wrote: . . . >Does that mean there is no way to implement restricted enviorment? . . . The most

Re: Restricted Access

2006-07-11 Thread Diez B. Roggisch
iapain wrote: > >> my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]])) > > Thats really smart way, yeah i had plan to scan and detect but I think > its not gonna work. > >> Creating a restricted execution environment is *hard*. As far as I know, >> even Microsoft has never at

Re: Restricted Access

2006-07-11 Thread iapain
> my_innocent_object = __import__(''.join([chr(110+x) for x in [1, 5]])) Thats really smart way, yeah i had plan to scan and detect but I think its not gonna work. > Creating a restricted execution environment is *hard*. As far as I know, > even Microsoft has never attempted it. And for all of S

Re: Restricted Access

2006-07-11 Thread Steven D'Aprano
On Tue, 11 Jul 2006 06:21:39 -0700, iapain wrote: >> unless you're willing to build a restricted runtime that runs on top of the >> core inter- >> preter, you should assume that anyone writing a Python script that's >> executed by >> your program has access to everything that your Python process

Re: Restricted Access

2006-07-11 Thread iapain
> unless you're willing to build a restricted runtime that runs on top of the > core inter- > preter, you should assume that anyone writing a Python script that's executed > by > your program has access to everything that your Python process has access > to... I think using replacements I can b

Re: Restricted Access

2006-07-11 Thread Fredrik Lundh
"iapain" wrote: > I've already assumed that there is no rexec for me as i am using python > 2.4. Yeah its much more difficult that my imagination. Should I go for > alternatives like > 1. Assume every one who is using this webide, wont corrupt system > 2. Use some tricks to encrypt the user path a

Re: Restricted Access

2006-07-11 Thread iapain
> googling for "python restricted execution" might give you some clues. I've already assumed that there is no rexec for me as i am using python 2.4. Yeah its much more difficult that my imagination. Should I go for alternatives like 1. Assume every one who is using this webide, wont corrupt system

Re: Restricted Access

2006-07-11 Thread Fredrik Lundh
"iapain" wrote: > No, I cant change permission or delete the module, the best would be > something to detect 'import os' in user code .. trust me, implementing a restricted execution model for Python that actually works is a *lot* harder than that. googling for "python restricted execution" migh

Re: Restricted Access

2006-07-10 Thread iapain
Tim Chase wrote: > If you're prepared for the massive breakage that will ensue, you can > > chmod go-rwx /usr/lib/python2.3/os.* No, I cant change permission or delete the module, the best would be something to detect 'import os' in user code .. but If i go with chroot jail approch then ever

Re: Restricted Access

2006-07-10 Thread Tim Chase
> 1. How can i disable some of the modules without deleting. e.g I wish > to disable "os" module. If you're prepared for the massive breakage that will ensue, you can chmod go-rwx /usr/lib/python2.3/os.* (assuming *nix as you later detail). > 2. How can i force user code to access only

Restricted Access

2006-07-10 Thread iapain
I'm developing a webIDE for python and I've 2 questions regarding it. 1. How can i disable some of the modules without deleting. e.g I wish to disable "os" module. 2. How can i force user code to access only his particular folder, I dont want to create uses in unix, e.g fp = open(PATH, 'w') # If