"Lonnie Princehouse" <[EMAIL PROTECTED]> writes:
> Pretty neat =)
> But aren't you concerned about security?  Letting anybody execute
> arbitrary Python expressions (and therefore also arbitrary system
> commands?!) on your box --- even from within a FreeBSD jail --- seems a
> bit dangerous.

What's there is actually more restricted than a FreeBSD jail. This one
has been tightened down to a statically linked Python interpreter, the
statically linked cgi program which does nothing but launch the Python
interpreter with the right arguments, and python library files. I've
even removed most of the latter that aren't used by the python
script. So yeah - you can run arbitrary system commands, except there
shouldn't be any.

The previous version was in a jail, which is why I didn't want it
generally announced. The logs made amusing reading. I like Gerhard's
idea of removing __import__, and have done that.

     <mike
-- 
Mike Meyer <[EMAIL PROTECTED]>                  http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
-- 
http://mail.python.org/mailman/listinfo/python-list
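
A check for the claim in the reply above that the jail holds no commands to run, as an added example that is not part of the original message or of the setup it describes: it walks a jail root and reports every executable, setuid/setgid or non-regular file that is not on an allowlist. The sample tree, its paths and the allowlist are constructed assumptions.

```python
import os
import stat
import tempfile

# Assumed allowlist: the interpreter and the CGI launcher, relative to the jail root.
ALLOWED = {"bin/python", "cgi-bin/launch"}

def audit_jail(root, allowed):
    """Return sorted (jail-relative path, reason) pairs for files that
    contradict a 'nothing to execute in here' jail."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            st = os.lstat(full)  # lstat: inspect a symlink itself, not its target
            if not stat.S_ISREG(st.st_mode):
                # symlink to a file, device node, socket or FIFO
                findings.append((rel, "not a regular file"))
            elif st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append((rel, "setuid/setgid"))
            elif st.st_mode & 0o111 and rel not in allowed:
                findings.append((rel, "unexpected executable"))
    return sorted(findings)

def build_sample_jail(root):
    """Create a constructed sample tree; bin/sh is the leftover to be caught."""
    layout = {
        "bin/python": 0o755,
        "cgi-bin/launch": 0o755,
        "lib/python/string.py": 0o644,
        "bin/sh": 0o755,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("")
        os.chmod(path, mode)

def demo(allowed=ALLOWED):
    """Build the sample jail in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_jail(root)
        return audit_jail(root, allowed)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Run against a real jail by calling `audit_jail()` with its root directory and the paths that are meant to be executable there.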
