Bubblehouse

Nice New Things

24 September 2003

So right away I have something to show anyone who wants to look. I’ve been thinking about the whole RExec/Bastion problem, and I may have come up with a solution. I’d also certainly appreciate it if anyone could fill me in with any obvious security flaws

Check out SaferPython. It is my attempt to rewrite a restricted environment for Python. Admittedly, I don’t think I know enough about the new language features to be sure if this works. I’ve tried a number of “exploits”, and this seems to provide the kind of protection I want, but I’m pretty sure it doesn’t have the abilities that some RExec users need.

I wrote this based upon the following premises:

  • That my primary goal is to offer some sort of scripting enviroment, even if it is only a subset of the Python language. Call it PythonScript or something (ah, jk, I think that already exists)…
  • That any class/object that I could want in the restricted environment would be accessible to me ahead of time.
  • That none of the objects in this environment can return anything but safe objects

For the moment, I can be sure the the classes are secure, since importing is disabled from inside the environment. Only classes/objects that are imported explicitly are available.

The way you’d use it would be something like this:

from safer import *
import string

# defaults to using the NameChecker class for permissions
env = Armory()
# we insert objects that we want to access, including any modules
# or built-in functions
env.insert('string', string) #the string module
env.insert('str', str)       #the str() built-in/type

# we can also specify other IPermission implementations
class myClass(object):
    pass
env.insert('MyClass', MyClass, ClassProtection)

env.r_exec(someUntrustedCode)

The manual insertion of ALL language objects is a bit of a pain, but this can be automated once I figure out what classes/objects are 100% safe for this environment. Although there is support for creating new instances of protected (Shielded) class objects, they are currently returned unrestricted. I’m planning on fixing this once I figure out a nice way to do it.

Featured Posts

  1. Update script for split-environment Puppetmaster module dirs
  2. Gitolite post-update script to auto-update a multi-environment puppetmaster
  3. Generate nonsense words out of integers
  4. Minimal script for sending/reading from Amazon SQS using Boto/Python.
  5. A very slow way to serve Django when all you have is CGI
  6. Data file of "funny-sounding" names
  7. Example of querying the YQL console.
  8. A boilerplate nagios check script.
  9. Show how to read from the nagios datafile
  10. Mega developers prompt

GitHub Projects

  1. Python django-salesforce
  2. Python svn-color
  3. Python antioch
  4. Python python-artnet
  5. Python txsftp
  6. Python imap-watch
  7. Python txOpenID
  8. Objective-C CocoaArtnet
  9. Python Pythonista-Artnet
  10. Python feedme
  11. Python TJ
  12. Perl dist
  13. JavaScript biggerthanoptimus
  14. Python django-default-project
  15. Python django-salesforce