嵌入受限制的python解释器 [英] Embedding a restricted python interpreter
问题描述
我想在一个程序中嵌入一个python解释器,但是因为那个
程序可以自动从下载脚本互联网,
我想在受限制的环境中运行它们,这基本上意味着我想要只允许一组特定的模块使用
脚本,这样他们就不可能从
硬盘驱动器中删除文件,杀死进程或做其他令人讨厌的事情。
有没有办法用标准的python解释器呢?
Hi,
I would like to embed a python interpreter within a program, but since that
program would be able to automatically download scripts from the internet,
I''d like to run those in a restricted environment, which basically means
that I want to allow only a specific set of modules to be used by the
scripts, so that it wouldn''t be possible for them to remove files from the
hard drive, kill processes or do other nasty stuff.
Is there any way to do that with the standard python interpreter?
推荐答案
Rolf Magnus< ra **** **@t-online.de>写道:
Rolf Magnus <ra******@t-online.de> writes:
我想在一个程序中嵌入一个python解释器,但由于那个
程序能够从互联网上自动下载脚本,
我想要在受限制的环境中运行它们,这基本上意味着我想只允许
脚本使用一组特定的模块,因此它们不可能被删除来自
硬盘的文件,杀死进程或做其他令人讨厌的事情。
有没有办法用标准的python解释器做到这一点?
I would like to embed a python interpreter within a program, but since that
program would be able to automatically download scripts from the internet,
I''d like to run those in a restricted environment, which basically means
that I want to allow only a specific set of modules to be used by the
scripts, so that it wouldn''t be possible for them to remove files from the
hard drive, kill processes or do other nasty stuff.
Is there any way to do that with the standard python interpreter?
不要指望它。
Don''t count on it.
Rolf Magnus写道:
Rolf Magnus wrote:
我想要在一个程序中嵌入了一个python解释器,但由于该程序可以自动从互联网上下载脚本,
我想在受限制的环境中运行它们,这基本上意味着
我想要允许
脚本要使用的一组特定模块,这样他们就不可能从
硬盘驱动器中删除文件,杀死进程或做其他令人讨厌的事情。有没有办法用标准的python解释器做到这一点?
Hi,
I would like to embed a python interpreter within a program, but since that
program would be able to automatically download scripts from the internet,
I''d like to run those in a restricted environment, which basically means
that I want to allow only a specific set of modules to be used by the
scripts, so that it wouldn''t be possible for them to remove files from the
hard drive, kill processes or do other nasty stuff.
Is there any way to do that with the standard python interpreter?
我真的不会指望它。在我看来,这可能是错误的,Python
并不构建在像Java这样的沙箱中工作。 Java通过
来实现它通过安全管理器加载它所加载的所有类。你似乎想要的是
是一个Python有Java applet类型的限制。
您可以尝试使用''exec''来运行你的构建的
环境中的脚本。例如,
global = {}
local = {}
....你的东西。 ...
statement = []#保持脚本运行
for line in statement:
全局,本地的执行声明
全局和本地分别是全局和本地命名空间。
虽然之前已向我解释但我可以'不记得
的详细信息。简而言之,您可以为您的脚本创建一个全局和
的本地环境。
我不知道是否可以禁用或覆盖''import''......
maurice
I won''t really count on that. In my opinions, which may be wrong, Python
is not constructed to work in a sandbox like Java. Java does it by
subjecting all classes that it loads through a security manager. What
you seems to want is a Python to have Java applet-typed of restrictions.
You can try to use ''exec'' to run your scripts in a constructed
environment. For example,
global = {}
local = {}
.... your stuffs ....
statement = [] # to hold the script to run
for line in statement:
exec statement in global, local
global and local are the global and local namespaces respectively.
Although it had been explained to me before but I can''t recall the
details of how it works. In gist, you may be able to craft a global and
local environment for your script to run in.
I do not know if it is possible to disable or override ''import''......
maurice
2005年3月3日星期三在13:43,Maurice LING写道:
On Wed, 2005-01-05 at 13:43, Maurice LING wrote:
Rolf Magnus写道:
Rolf Magnus wrote:
我想在一个程序中嵌入一个python解释器,但既然那个
程序能够从互联网上自动下载脚本,
我想在受限制的环境中运行它们,这基本上意味着我只想允许
脚本使用的一组特定模块,这样他们就不可能从
硬盘中删除文件,杀死进程或做其他讨厌的事情。
有没有办法用标准的python解释器做到这一点?
我不会指望那个。在我看来,这可能是错误的,Python不是构建在像Java这样的沙箱中工作。
Hi,
I would like to embed a python interpreter within a program, but since that
program would be able to automatically download scripts from the internet,
I''d like to run those in a restricted environment, which basically means
that I want to allow only a specific set of modules to be used by the
scripts, so that it wouldn''t be possible for them to remove files from the
hard drive, kill processes or do other nasty stuff.
Is there any way to do that with the standard python interpreter?
I won''t really count on that. In my opinions, which may be wrong, Python
is not constructed to work in a sandbox like Java.
这是我的理解。事实上,我会用Python说它几乎不可能是b $ b,因为一切都是动态的,并且可以用b / b
来欺骗你的技巧数量'做的。想想使用str.encode / str.decode和getattr / hasattr可以带来的乐趣。
我调查了这个,我的结论结束了好吧,我正在使用
Python,因为我希望它具有强大的功能和灵活性。如果我想要一个安全的
脚本环境,我应该使用类似Lua或Qt Script的东西来代替
应用程序。
AFAIK这就是为什么rexec()内置被禁用的原因 - 它只是不能实现一个受限制的Python执行环境。
你可以尝试使用''exec''在构建的
环境中运行脚本。例如,
global = {}
local = {}
...你的东西....
statement = []#保存脚本运行
for line in statement:
exec语句在全局,local
全局和本地分别是全局和本地命名空间。
虽然之前已经向我解释过,但我不记得它的工作原理。简而言之,您可以为您的脚本创建一个全局和
本地环境。
我不知道是否可以禁用或覆盖' 'import''......
That is my understanding. In fact, I''d say with Python it''s nearly
impossible given how dynamic everything is and the number of tricks that
can be used to obfuscate what you''re doing. Think of the fun that can be
had with str.encode / str.decode and getattr/hasattr .
I looked into this, and my conclusion ended up being "Well, I''m using
Python because I want it''s power and flexibilty. If I want a secure
scripting environment, I should use something like Lua or Qt Script for
Applications instead."
AFAIK that''s why the rexec() builtin is disabled - it''s just not
practical to make a restricted Python execution environment.
You can try to use ''exec'' to run your scripts in a constructed
environment. For example,
global = {}
local = {}
... your stuffs ....
statement = [] # to hold the script to run
for line in statement:
exec statement in global, local
global and local are the global and local namespaces respectively.
Although it had been explained to me before but I can''t recall the
details of how it works. In gist, you may be able to craft a global and
local environment for your script to run in.
I do not know if it is possible to disable or override ''import''......
您可以通过包装/替换__builtin __.__ import__
来做到这一点。防止人们绕过你所做的事情,但是......不是确定的。
-
Craig Ringer
You can do a fair bit to it by wrapping/replacing __builtin__.__import__
.. Preventing people from getting around what you''ve done, though... not
sure.
--
Craig Ringer
这篇关于嵌入受限制的python解释器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
