[Zope-dev] Re: RestrictedPython vs zope.security.untrustedpython

Dieter Maurer dieter at handshake.de
Thu Nov 22 15:21:41 EST 2007


Chris Withers wrote at 2007-11-22 17:08 +0000:
>Dieter Maurer wrote:
>> Chris Withers wrote at 2007-11-20 23:55 +0000:
>>> Dieter Maurer wrote:
>>>> You execute their code in a "globals" the "__builtins__" of which
>>>> contains precisely the builtins you want to give them.
>>> unfortunately that still leaves the import problems, correct?
>> 
>> The "import" "command" is mapped to the "__import__" builtin.
>> 
>> Thus, changing the "__import__" builtin....
>
>Hmmm, looking into this more. I think fiddling with supplying 
>__builtins__ and __import__ is susceptible to those being deleted from 
>the local or global namespace and so being replaced by ones from the 
>above namespace.
>
>Am I right in seeing those as security risks? These seem to be some of 
>the reasons rexec and bastion were dropped from python:

There have been reasons why Python no longer promises a
secure restricted environment....


>
>http://bugs.python.org/issue577530

When you look carefully, you see that this problem has been fixed.

>http://mail.python.org/pipermail/python-dev/2002-December/031160.html

You handle this with security proxied objects, right?


Security questions are very delicate. Nobody will probably give
you a guarantee that the approach is really safe.



-- 
Dieter
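
The mechanism discussed in this message, as an added example that is not part of the original post or of Zope's code: code is executed with a "globals" whose "__builtins__" holds only chosen builtins, and the import statement is routed through a replacement "__import__". The allowlists and the names guarded_import, make_globals and run are assumptions made for illustration; the block shows the mechanism on CPython 3 only and, as the message says, is no guarantee of a safe sandbox.

```python
import builtins

# Assumption: illustrative allowlists, not taken from the thread.
ALLOWED_MODULES = {"math"}
ALLOWED_BUILTINS = ("len", "range", "sum", "min", "max", "abs")


def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Replacement for __import__: only allowlisted absolute imports load."""
    if level != 0 or name not in ALLOWED_MODULES:
        raise ImportError(f"import of {name!r} is not permitted")
    return builtins.__import__(name, globals, locals, fromlist, level)


def make_globals():
    """Build a globals dict whose __builtins__ holds only the chosen names."""
    restricted = {n: getattr(builtins, n) for n in ALLOWED_BUILTINS}
    # The import statement looks up "__import__" in the frame's builtins.
    restricted["__import__"] = guarded_import
    return {"__builtins__": restricted}


def run(source):
    """Execute source in fresh restricted globals.

    Returns (globals, None) on success or (globals, exception) on failure.
    """
    g = make_globals()
    try:
        exec(compile(source, "<untrusted>", "exec"), g)
    except Exception as exc:
        return g, exc
    return g, None


if __name__ == "__main__":
    # Constructed sample snippets.
    samples = [
        "import math\nr = math.sqrt(16)",   # allowlisted module
        "import os",                        # refused by guarded_import
        "f = open('x')",                    # builtin not supplied
        # Deleting the name from globals: the running frame already holds
        # the restricted builtins, so the import is still refused.
        "del __builtins__\nimport os",
    ]
    for src in samples:
        _, err = run(src)
        print(repr(src), "->", "ok" if err is None else repr(err))
```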

