[Zope] Script (Python) insecure ?
Andreas Jung
lists at zopyx.com
Sat Aug 16 07:39:37 EDT 2008
--On 16. August 2008 13:11:13 +0200 "M.-A. Lemburg" <mal at egenix.com> wrote:
>
> In my experience, attempts to create a sandbox that protects
> sufficiently against unwanted resource usage are either too
> restrictive and slow to make them useful or have problems
> preventing DOS attacks.
I think you can't solve the issue with the standard technology we have in
CPython. I remember that Python once had a restricted execution
environment.
Wasn't it buggy as hell? RestrictedPython of Zope surely has similar problems.
As with all such restricted execution environments (not only in Zope): they
are attackable.
> It's usually a lot better (and more efficient) to use trusted
> code only.
Definitely. A common development pattern is the usage of CMF and
portal_skins where you work with PythonScripts on the filesystem.
The scripts themselves still run under the control of RestrictedPython;
however, the whole development model can be regarded as being trusted.
>
> BTW: The reason why I had a look at these was that Chris Withers
> mentioned at EuroPython that they are currently causing delays
> in the Python 2.5 adoption (or at least are one of the reasons
> for them).
>
Is Chris' talk somewhere online?
Andreas