Python,安全,沙盒 [英] Python, safe, sandbox
问题描述
我想建立一个网站,人们可以在其中上传他们的 Python 脚本.我当然想执行这些脚本.这些脚本应该做一些有趣的工作.问题是人们可以上传可能损害我的服务器的脚本,我想阻止这种情况.在不损害我的系统的情况下运行任意脚本的选项是什么 - 实际上根本没有看到我的系统?谢谢
I'd like to make a website where people could upload their Python scripts. Of course I'd like to execute those scripts. Those scripts should do some interesting work. The problem is that people could upload scripts that could harm my server and I'd like to prevent that. What is the option to run arbitrary scripts without harming my system - actually without seeing my system at all? Thank you
推荐答案
无法完成."
运行任意(不受信任的)脚本和保持安全是矛盾的.您应该尽可能使用自定义内核、监狱、虚拟机等.
Running arbitrary (untrusted) scripts and staying safe is a contradiction. You should go as far as using custom kernels, jails, vms, the like.
你可以看看 http://codepad.org/about 是如何做到的,它是一个 很多的工作.
You can look at how http://codepad.org/about does it, it's a lot of work.
这篇关于Python,安全,沙盒的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!