On 6/6/07, alex clemesha <[EMAIL PROTECTED]> wrote:
> > Yes.  To reiterate, the right solution is that the individual
> > worksheets (or at least SAGE users) all run as separate
> > users distinct from the  notebook process (and -- ideally --
> > from each other).   They then would not have permissions
> > to kill the server.  In particular, with this model -- which we'll
> > be implementing -- if you type
>
> I think a robust implementation of the above is what we should aim for.

Yes.  It won't be hard given how SAGE is designed, as you'll see.

> i.e. for each user can we associate a less privileged python process that we
> (the notebook admin) can completely control: *permissions* and *disk space*
> and *cpu time* ?

Yep.  Easy with ulimit.

>
> Some relevant reading from a well known python-dev:
> http://sayspy.blogspot.com/2007/05/i-have-finished-securing-python.html
>

Thanks!

> Some relevant quotes from his article:
> " The original goal of this work was to come up with a way so that you could
> run Python code in an embedded Python interpreter and not worry about it
> opening arbitrary sockets or touching any files unless you explicitly
> allowed it ..."
>
> " [The goal was not] to protect intangible things such as memory or CPU
> usage."
>
> Does the second quote mean this is a fairly hard problem?

No.  One can easily deal with most things like memory using ulimit.

William
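
The limits reached through `ulimit` are the kernel's per-process rlimits. As an added example (not part of the original message and not SAGE's code), the following applies them to a child Python process before it executes untrusted worksheet code. It assumes Linux and Python 3; `run_limited`, `SPIN` and `HOG` are hypothetical names, and running the child as a separate Unix user, which needs root, is not shown.

```python
# Added example, not SAGE's implementation. Assumes Linux and Python 3.
import resource
import subprocess
import sys


def _lower(res, soft, hard):
    """Lower one rlimit without asking for more than the inherited hard cap."""
    cur_hard = resource.getrlimit(res)[1]
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(res, (soft, hard))


def run_limited(code, cpu_seconds=1, mem_bytes=512 * 2**20,
                file_bytes=2**20, wall_seconds=30):
    """Run Python source in a child with CPU, memory and file-size caps.

    Returns the child's exit status (negative means killed by that signal).
    """
    def apply_limits():  # runs in the child after fork(), before exec()
        # The soft limit delivers SIGXCPU; the hard limit one second later is
        # a SIGKILL backstop for code that catches or ignores SIGXCPU.
        _lower(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)
        _lower(resource.RLIMIT_AS, mem_bytes, mem_bytes)       # address space
        _lower(resource.RLIMIT_FSIZE, file_bytes, file_bytes)  # largest file
        _lower(resource.RLIMIT_CORE, 0, 0)                     # no core dumps

    proc = subprocess.run(
        [sys.executable, "-c", code],
        preexec_fn=apply_limits,
        stdin=subprocess.DEVNULL,
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
        timeout=wall_seconds,  # RLIMIT_CPU does not count time spent asleep
    )
    return proc.returncode


# Constructed sample inputs: a CPU spinner and a 1 GiB allocation.
SPIN = "while True: pass"
HOG = ("import sys\n"
       "try:\n    bytearray(2**30)\n"
       "except MemoryError:\n    sys.exit(42)\n")

if __name__ == "__main__":
    print("benign :", run_limited("print(2 + 2)"))
    print("spinner:", run_limited(SPIN))  # killed by SIGXCPU
    print("hog    :", run_limited(HOG))   # allocation refused
```

`RLIMIT_FSIZE` bounds a single file, not a user's total disk usage; that needs filesystem quotas on the per-user account.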

--~--~---------~--~----~------------~-------~--~----~
To post to this group, send email to sage-devel@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/sage-devel
URLs: http://sage.scipy.org/sage/ and http://modular.math.washington.edu/sage/
-~----------~----~----~----~------~----~------~--~---
