(Originally incorrectly posted to C++ SIG mailing list)

Hello,

First let me apologise if this question is obvious - I've never embedded Python before and I am deciding if it meets my needs. My question is: is there a secure Python interpreter that prevents malicious code from using C/C++ modules or built-in functions to cause damage to a user's system?

My objective is to have an embedded interpreted language to drive all non-CPU-intensive application behaviour, with user / downloadable scripts to customise the UI / scripting processing. My concern with simply embedding Python is that this would give arbitrary scripts the ability to make system-level changes (e.g. destructive abilities using file access). As I wish to encourage scripts to be shared across the Internet, this could not be tolerated.

Python provides a very good script language to which I can expose application-specific functions/objects using the already documented methods. To use Python with the above security restrictions I would need to be able to disable all file / system built-ins when running the interpreter across user scripts. In addition, importing C/C++ functions would have to be disabled as well. As a complication, a set of 'approved C/C++ functions' such as numpy would need to be supported in order to allow the user to do 'useful processing' within the scripts driving the application.

My naive solution would be to customise the 'PyImport_Import' and 'PyObject_CallObject' routines used with user scripts so that:

--- an imported C/C++ module would be checked against an approved list to prevent arbitrary C/C++ code from being executed
--- built-in function calls would be checked against an approved list to prevent system-damaging calls from being made
--- the application API that is exposed to the user code must not expose to scripts a way of damaging anything more than the data currently being 'processed'
--- the application would have to ensure that user code is only executed within the secure interpreter scope (e.g. not use callbacks to user script code outside the secure interpreter)

Has the necessary secure Python interpreter already been created / a work in progress?

Many thanks for any advice you can give me,

Richard
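
The two allowlist checks proposed in the message above (approved imports and approved built-ins), sketched at the Python level as an added example; this is not code from the original post. The allowlists, `run_user_script`, the `app` object and the `result` convention are assumptions, and `math` stands in for an approved C extension such as numpy.

```python
import builtins
from types import SimpleNamespace

# Assumed allowlists for this sketch; an application would define its own.
APPROVED_MODULES = {"math", "statistics"}
APPROVED_BUILTINS = {"abs", "len", "min", "max", "sum", "range", "sorted",
                     "enumerate", "zip", "int", "float", "str", "list", "dict"}


def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Stand-in for __import__ that only user scripts see."""
    top = name.partition(".")[0]
    if level != 0 or top not in APPROVED_MODULES:
        raise ImportError(f"module {name!r} is not on the approved list")
    return builtins.__import__(name, globals, locals, fromlist, level)


def make_script_globals(app_api):
    """Build the only namespace a user script is executed in."""
    safe = {n: getattr(builtins, n) for n in APPROVED_BUILTINS}
    safe["__import__"] = guarded_import  # 'import x' statements route through here
    return {"__builtins__": safe, "__name__": "user_script", "app": app_api}


def run_user_script(source, app_api):
    """Run one script; return (ok, result-or-error-text).

    This filters names only. Anything reachable from the objects handed to the
    script stays reachable, so the exposed API must be minimal and untrusted
    scripts should also run in a separate low-privilege process.
    """
    scope = make_script_globals(app_api)
    try:
        exec(compile(source, "<user_script>", "exec"), scope)
    except Exception as exc:  # report the refusal instead of crashing the host
        return False, f"{type(exc).__name__}: {exc}"
    return True, scope.get("result")


if __name__ == "__main__":
    api = SimpleNamespace(data=[1.0, 4.0, 9.0])  # constructed sample data
    for script in ("import math\nresult = [math.sqrt(x) for x in app.data]",
                   "import os",          # not on the module allowlist
                   "open('x', 'w')"):    # file built-in is not exposed
        print(run_user_script(script, api))
```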