On 2008-08-16 13:39, Andreas Jung wrote:
>
> --On 16. August 2008 13:11:13 +0200 "M.-A. Lemburg" <[EMAIL PROTECTED]> wrote:
>
>> In my experience, attempts to create a sandbox that protects
>> sufficiently against unwanted resource usage are either too
>> restrictive and slow to make them useful or have problems
>> preventing DOS attacks.
>
> I think you can't solve the issue with the standard technology we have
> in CPython. I remember that Python once had a restricted execution
> environment. Wasn't it buggy as hell?

It used to be fairly safe at one point (I think around Python 1.4),
but maintenance was then dropped and so it was deprecated later on.
The main module was called Bastion.py.

> RestrictedPython of Zope surely has similar
> problems. As with all such restricted execution environments (not only in
> Zope): they are attackable.

Right. While some of them are fairly good at restricting access
to e.g. the file system or object system, they usually lack protection
against unlimited CPU and memory use. A multi-threaded approach makes
this hard as well, since killing a thread often doesn't release
the associated resources. In a multi-process environment things are
easier, since the OS will take care of most of the monitoring and
apply this at a much lower level.

>> It's usually a lot better (and more efficient) to use trusted
>> code only.
>
> Definitely. A common development pattern is the usage of CMF and
> portal_skins where you work with PythonScripts on the filesystem.
> The scripts themselves still run under the control of RestrictedPython
> however the whole development model can be regarded as being trusted.
>
>> BTW: The reason why I had a look at these was that Chris Withers
>> mentioned at EuroPython that they are currently causing delays
>> in the Python 2.5 adoption (or at least are one of the reasons
>> for them).
>
> Is Chris' talk somewhere online?

It was a lightning talk. I'm not sure whether those are online
somewhere.

--
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source (#1, Aug 16 2008)
_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
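
The multi-process approach mentioned in the reply above, as an added example that is not part of the original message or of Zope's code: untrusted source runs in a separate interpreter process, and the kernel enforces CPU and address-space limits on it. It assumes Python 3 on Linux; `run_limited`, the three budget constants and the sample snippets are hypothetical names and values chosen for illustration.

```python
import resource
import signal
import subprocess
import sys

CPU_SECONDS = 1            # assumed budget: CPU time per snippet
MEMORY_BYTES = 1 << 30     # assumed budget: 1 GiB of address space
WALL_SECONDS = 10          # backstop for code that sleeps instead of spinning


def _cap(kind, soft, hard):
    """Lower one rlimit without exceeding the hard limit already in force."""
    _, current_hard = resource.getrlimit(kind)
    if current_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, current_hard), min(hard, current_hard)
    resource.setrlimit(kind, (soft, hard))


def _apply_limits():
    # Runs in the child between fork() and exec(): the kernel enforces these
    # on the new interpreter no matter what the snippet does.
    _cap(resource.RLIMIT_CPU, CPU_SECONDS, CPU_SECONDS + 1)
    _cap(resource.RLIMIT_AS, MEMORY_BYTES, MEMORY_BYTES)


def run_limited(source):
    """Run `source` in a separate interpreter; return (verdict, stdout)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", source],
            preexec_fn=_apply_limits, stdin=subprocess.DEVNULL,
            capture_output=True, text=True, timeout=WALL_SECONDS)
    except subprocess.TimeoutExpired:
        return "wall-clock timeout", ""     # run() has already killed the child
    if proc.returncode < 0:                 # terminated by a signal
        return "killed by " + signal.Signals(-proc.returncode).name, proc.stdout
    if proc.returncode != 0:
        last = proc.stderr.strip().splitlines()[-1:] or ["nonzero exit"]
        return "failed: " + last[0], proc.stdout
    return "ok", proc.stdout


if __name__ == "__main__":
    # Constructed snippets: benign, CPU-bound loop, oversized allocation.
    for snippet in ("print(sum(range(10)))", "while True: pass",
                    "x = bytearray(4 << 30)"):
        print(repr(snippet), "->", run_limited(snippet))
```

These limits bound CPU and memory only; file system, network and object access still need separate controls such as a dedicated user, namespaces or a container.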