Jack Diederich <[EMAIL PROTECTED]> wrote:
> The Xen virtual server[1] was recently mentioned on slashdot[2].
> It is more lightweight and faster than full scale machine emulators because
> it uses a modified system kernel (so it only works on *nixes it has been
> ported to).
...it also uses py
On Sun, Jan 30, 2005 at 11:59:39AM +1000, Nick Coghlan wrote:
> Alex Martelli wrote:
> >It didn't seem to me that Steven's question was so restricted; and since
> >he thanked me for my answer (which of course is probably inapplicable to
> >some custom interpreter that's not written yet) it appears
Nick Coghlan <[EMAIL PROTECTED]> wrote:
...
> > If you _can_ execute (whatever) in a separate process, then an approach
> > based on BSD's "jail" or equivalent features of other OS's may be able
> > to give you all you need, without needing other restrictions to be coded
> > in the interpreter (
Alex Martelli wrote:
It didn't seem to me that Steven's question was so restricted; and since
he thanked me for my answer (which of course is probably inapplicable to
some custom interpreter that's not written yet) it appears to me that my
interpretation of his question was correct, and my answer u
Steven Bethard wrote:
> Fuzzyman wrote:
> > Cameron Laird wrote:
> > [snip..]
> >
> >>This is a serious issue.
> >>
> >>It's also one that brings Tcl, mentioned several
> >>times in this thread, back into focus. Tcl presents
> >>the notion of "safe interpreter", that is, a sub-
> >>ordin
Skip Montanaro <[EMAIL PROTECTED]> wrote:
> Alex> I dunno, maybe I'm just being pessimistic, I guess...
>
> No, I think you are being realistic. I thought one of the basic tenets of
> computer security was "that which is not expressly allowed is forbidden".
> Any attempt at security that att
Alex> I dunno, maybe I'm just being pessimistic, I guess...
No, I think you are being realistic. I thought one of the basic tenets of
computer security was "that which is not expressly allowed is forbidden".
Any attempt at security that attempts to find and plug the security holes
while leav
[EMAIL PROTECTED] (Alex Martelli) writes:
> OK then -- vars(type(object)) is a dict which has [[the unbound-method
> equivalent of]] object.__subclasses__ at its entry for key
> '__subclasses__'. Scratch 'vars' in addition to 'getattr'. And 'eval'
> of course, or else building up the string 'obj
In article <[EMAIL PROTECTED]>,
Alex Martelli <[EMAIL PROTECTED]> wrote:
>Aahz <[EMAIL PROTECTED]> wrote:
>> Alex Martelli deleted his own attribution:
>>>
>>> >>> object.__subclasses__()
>>
>> One thing my company has done is written a ``safe_eval()`` that uses a
>> regex to disable double-undersc
Stephen Thorne <[EMAIL PROTECTED]> wrote:
> On Sat, 29 Jan 2005 08:53:45 -0600, Skip Montanaro <[EMAIL PROTECTED]> wrote:
> >
> > >> One thing my company has done is written a ``safe_eval()`` that uses
> > >> a regex to disable double-underscore access.
> >
> > Alex> will the regex c
On Sat, 29 Jan 2005 08:53:45 -0600, Skip Montanaro <[EMAIL PROTECTED]> wrote:
>
> >> One thing my company has done is written a ``safe_eval()`` that uses
> >> a regex to disable double-underscore access.
>
> Alex> will the regex catch getattr(object,
> Alex> 'subclasses'.join(['_'
>> One thing my company has done is written a ``safe_eval()`` that uses
>> a regex to disable double-underscore access.
Alex> will the regex catch getattr(object,
Alex> 'subclasses'.join(['_'*2]*2)...?-)
Now he has two problems. ;-)
Skip
--
http://mail.python.org/mailman/listin
Aahz <[EMAIL PROTECTED]> wrote:
...
> object.__subclasses__()
...
> One thing my company has done is written a ``safe_eval()`` that uses a
> regex to disable double-underscore access.
will the regex catch getattr(object, 'subclasses'.join(['_'*2]*2)...?-)
Alex
--
http://mail.python.o
In article <[EMAIL PROTECTED]>,
Alex Martelli <[EMAIL PROTECTED]> wrote:
>Steven Bethard <[EMAIL PROTECTED]> wrote:
>>
>> If I could see how to go from 'object' (or 'int', 'str', 'file', etc.)
>> to 'eval' or '__import__', that would help out a lot...
>
object.__subclasses__()
>[, , , ,
>, , ,
Nick Coghlan <[EMAIL PROTECTED]> wrote:
> Alex Martelli wrote:
> > Steven Bethard <[EMAIL PROTECTED]> wrote:
> >...
> >
> >>If I could see how to go from 'object' (or 'int', 'str', 'file', etc.)
> >>to 'eval' or '__import__', that would help out a lot...
> >
> object.__subclasses__()
Alex Martelli wrote:
Steven Bethard <[EMAIL PROTECTED]> wrote:
...
If I could see how to go from 'object' (or 'int', 'str', 'file', etc.)
to 'eval' or '__import__', that would help out a lot...
object.__subclasses__()
[, , , ,
, , , , , ,
, , , , , , ]
Traipse through these, find one class that
Alex Martelli wrote:
Steven Bethard <[EMAIL PROTECTED]> wrote:
...
If I could see how to go from 'object' (or 'int', 'str', 'file', etc.)
to 'eval' or '__import__', that would help out a lot...
object.__subclasses__()
[, , , ,
, , , , , ,
, , , , , , ]
Traipse through these, find one class that
Steven Bethard <[EMAIL PROTECTED]> wrote:
...
> If I could see how to go from 'object' (or 'int', 'str', 'file', etc.)
> to 'eval' or '__import__', that would help out a lot...
>>> object.__subclasses__()
[, , , ,
, , , , , ,
, , , , , , ]
Traipse through these, find one class that has an unbo
Dieter Maurer wrote:
> Steven Bethard <[EMAIL PROTECTED]> writes on Tue, 25 Jan 2005 12:22:13 -0700:
> > Fuzzyman wrote:
> > ...
> > > A better (and of course *vastly* more powerful but unfortunately only
> > > a dream ;-) is a similarly limited python virtual machine.
>
> I already wrote ab
Steven Bethard <[EMAIL PROTECTED]> writes on Tue, 25 Jan 2005 12:22:13 -0700:
> Fuzzyman wrote:
> ...
> > A better (and of course *vastly* more powerful but unfortunately only
> > a dream ;-) is a similarly limited python virtual machine.
I already wrote about the "RestrictedPython" which is
Jack Diederich wrote:
On Wed, Jan 26, 2005 at 10:23:03AM -0700, Steven Bethard wrote:
Jack Diederich wrote:
Yes, this comes up every couple months and there is only one answer:
This is the job of the OS.
Java largely succeeds at doing sandboxy things because it was written that
way from the ground
On Wed, Jan 26, 2005 at 10:39:18AM -0800, aurora wrote:
> >On Wed, Jan 26, 2005 at 05:18:59PM +0100, Alexander Schremmer wrote:
> >>On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
> >>
> >> sys.safecall(func, maxcycles=1000)
> >>> could enter the safe mode and call the func.
> >>
> >>This might be
On Wed, Jan 26, 2005 at 10:23:03AM -0700, Steven Bethard wrote:
> Jack Diederich wrote:
> >Yes, this comes up every couple months and there is only one answer:
> >This is the job of the OS.
> >Java largely succeeds at doing sandboxy things because it was written that
> >way from the ground up (to
Is it really necessary to build a VM from the ground up that includes OS
ability? What about JavaScript?
On Wed, Jan 26, 2005 at 05:18:59PM +0100, Alexander Schremmer wrote:
On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
sys.safecall(func, maxcycles=1000)
> could enter the safe mode and call
Jack Diederich wrote:
Yes, this comes up every couple months and there is only one answer:
This is the job of the OS.
Java largely succeeds at doing sandboxy things because it was written that
way from the ground up (to behave both like a program interpreter and an OS).
Python the language was not
On Wed, Jan 26, 2005 at 05:18:59PM +0100, Alexander Schremmer wrote:
> On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
>
> sys.safecall(func, maxcycles=1000)
> > could enter the safe mode and call the func.
>
> This might be even enhanced like this:
>
> >>> import sys
> >>> sys.safecall(func,
On Tue, 25 Jan 2005 22:08:01 +0100, I wrote:
sys.safecall(func, maxcycles=1000)
> could enter the safe mode and call the func.
This might be even enhanced like this:
>>> import sys
>>> sys.safecall(func, maxcycles=1000,
allowed_domains=['file-IO', 'net-IO', 'devices', 'gui'
Cameron Laird wrote:
In article <[EMAIL PROTECTED]>,
Michael Spencer <[EMAIL PROTECTED]> wrote:
.
.
.
Right - the crux of the problem is how to identify dangerous objects. My point
is that if such a test is possible, then s
In article <[EMAIL PROTECTED]>,
Michael Spencer <[EMAIL PROTECTED]> wrote:
.
.
.
>Right - the crux of the problem is how to identify dangerous objects. My point
>is that if such a test is possible, then safe exec is very
On Tue, 25 Jan 2005 12:22:13 -0700, Steven Bethard wrote:
> >>This is a serious issue.
> >>
> >>It's also one that brings Tcl, mentioned several
> >>times in this thread, back into focus. Tcl presents
> >>the notion of "safe interpreter", that is, a sub-
> >>ordinate virtual machine which c
Michael Spencer wrote:
Steven Bethard wrote:
Michael Spencer wrote:
Safe eval recipe posted to cookbook:
http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/364469
This recipe only evaluates constant expressions
[snip
Indeed. But it's easy to extend this to arbitrary constructs. You just
ne
yntax tree created by compiler.parse"
It means you can't eval arbitrary Python code -- it's basically just a
data parser. Handy in some situations, but not the equivalent of a
limited Python virtual machine.
Indeed. But it's easy to extend this to arbitrary constructs. You
ed by compiler.parse"
It means you can't eval arbitrary Python code -- it's basically just a
data parser. Handy in some situations, but not the equivalent of a
limited Python virtual machine.
Likewise, function calls are easily intercepted
I'm not sure I follow this... How do yo
Steven Bethard wrote:
>
> I wish there was a way to, say, exec something with no builtins and
> with import disabled, so you would have to specify all the available
> bindings, e.g.:
>
> exec user_code in dict(ClassA=ClassA, ClassB=ClassB)
>
> but I suspect that even this wouldn't really solve
Steven Bethard wrote:
>
> I wish there was a way to, say, exec something with no builtins and with
> import disabled, so you would have to specify all the available
> bindings, e.g.:
>
> exec user_code in dict(ClassA=ClassA, ClassB=ClassB)
>
> but I suspect that even this wouldn't really
Fuzzyman wrote:
> Cameron Laird wrote:
> [snip..]
>
>>This is a serious issue.
>>
>>It's also one that brings Tcl, mentioned several
>>times in this thread, back into focus. Tcl presents
>>the notion of "safe interpreter", that is, a sub-
>>ordinate virtual machine which can interpret only
>>speci
36 matches