Hi - Thanks for the response. Yes, we used OS features to restrict the system user accounts.
We don't allow gcc - this helped us to avoid kernel exploits via C code like : https://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=42827&forum=59 https://bugzilla.redhat.com/show_bug.cgi?id=962792 We are concerned whether user may try C exploits via Python code and break the system. What's the minimal python set-up you would suggest? I'm thinking something like: 1- Uninstall python-devel packages 2- Remove easy_install or pip (any such install utilities) 3- Keep only very basic modules under /usr/lib/python<>/site-packages and delete the others. Thanks. -- ---- Cheers, Lakshmipathi.G FOSS Programmer. www.giis.co.in On Wed, Aug 7, 2013 at 11:35 AM, dieter <die...@handshake.de> wrote: > "Lakshmipathi.G" <lakshmipath...@gmail.com> writes: > >> We have a server running a web-based terminal emulator (based on shellinabox >> for screen-casting check www.webminal.org) that allows users to learn >> simple bash commands. This Linux environment secured by things like quota, >> selinux,ulimit etc >> >> Now some users are requesting python access. How to ensure python is executed >> in a restricted environment. I came across >> http://docs.python.org/2/library/restricted.html >> but it seems like disabled in 2.3. Any thoughts on how we can safely >> provide python access >> to users. > > When you are satisfied with the protection you have achieved > for bash commands, those same protection might be sufficient > for Python as well. I assume that you used operating system > facilities to restrict what the (system) user can do on the > operating system level: the same restriction would apply to the > (same) user executing Python code. > > -- > http://mail.python.org/mailman/listinfo/python-list -- http://mail.python.org/mailman/listinfo/python-list
