I'm building a large infrastructure with about 30 servers (all running linux). I allow my end users to write scripts which then get broken down in smaller parts and run across the 30 servers. The results from each individual run are combined and presented back to the user.
I'm currently using pylint to restrict access to many things and make the code a little more 'safe'. (I understand that it is very difficult, if not impossible, to make the code completely secure.) The problem I'm facing now is: how do I restrict the user from (inadvertently or maliciously) creating a large number of objects which will bring down the entire 100 nodes?

Some of the things which I have ruled out (due to application architecture):

1. Running each process in its own unix process.

Current options:

1. Expose my own version of range and xrange.
2. Have a sandbox where the user script is run on random data before being pushed out to all the servers.

Questions:

1. How can I restrict recursion for the user scripts?
2. How can I restrict list comprehension in the user script?
3. How do I disable the user from doing [1]*10000000000000?
4. Can I move the user scripting to some other language which can be interfaced with Python yet allows a "restricted" execution env?
5. Can I convert the user functions using some 'modified' variant of Pyrex which will give me more control?

Have other people faced similar problems? I would imagine this is a common problem for anyone building distributed systems.

Python 3000: Going forward this would be a really useful thing to see in Python 3000, where a restricted exec env should be built in to the language from the ground up.

-- http://mail.python.org/mailman/listinfo/python-list
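One way to enforce the limits asked about above, as an added example that is not from the poster or the list: the user script runs under kernel resource limits (address space and CPU time via `resource.setrlimit`) plus a lowered interpreter recursion limit, so `[1]*10**9` fails with MemoryError and unbounded recursion fails with RecursionError instead of taking the node down. It uses a child interpreter, which the poster ruled out for their architecture, so it shows the limits themselves rather than an in-process scheme; the budget values and the function name `run_user_script` are constructed assumptions.

```python
import resource      # POSIX only; the poster's nodes are Linux
import subprocess
import sys
import textwrap

# Constructed budgets for this demonstration, not the poster's numbers.
MAX_ADDRESS_SPACE = 512 * 1024 * 1024  # bytes of virtual memory a user job may map
MAX_CPU_SECONDS = 5                     # CPU seconds before the kernel sends SIGXCPU
MAX_RECURSION = 200                     # Python frames a user function may nest


def _apply_limits():
    """Runs in the child between fork and exec; the kernel enforces these caps."""
    resource.setrlimit(resource.RLIMIT_AS, (MAX_ADDRESS_SPACE, MAX_ADDRESS_SPACE))
    resource.setrlimit(resource.RLIMIT_CPU, (MAX_CPU_SECONDS, MAX_CPU_SECONDS))


def run_user_script(source: str, timeout: float = 10.0) -> dict:
    """Execute user `source` in a limited child interpreter.

    Returns {"exit_code": int | None, "exception": name of the uncaught
    exception class, "None" on success, or "Killed"/"TimeoutExpired"}.
    """
    # The child lowers the recursion limit before exec'ing the user code and
    # reports what stopped the job on its last stdout line.
    wrapper = textwrap.dedent(f"""
        import sys
        sys.setrecursionlimit({MAX_RECURSION})
        src = sys.stdin.read()
        try:
            exec(compile(src, "<user>", "exec"), {{"__name__": "__user__"}})
        except BaseException as e:
            print("EXC:" + type(e).__name__)
            raise SystemExit(1)
        print("EXC:None")
    """)
    try:
        proc = subprocess.run(
            [sys.executable, "-c", wrapper], input=source, text=True,
            capture_output=True, preexec_fn=_apply_limits, timeout=timeout)
    except subprocess.TimeoutExpired:
        return {"exit_code": None, "exception": "TimeoutExpired"}
    lines = proc.stdout.strip().splitlines()
    # No report line means a signal (e.g. SIGXCPU from RLIMIT_CPU) ended the child.
    last = lines[-1] if lines else "EXC:Killed"
    return {"exit_code": proc.returncode, "exception": last[len("EXC:"):]}


if __name__ == "__main__":
    print(run_user_script("big = [1] * 10**9"))          # MemoryError
    print(run_user_script("def f(n):\n    return f(n + 1)\nf(0)"))  # RecursionError
```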