Is there an alternative to rexec for Python sandboxing?
Problem description
Implementing a 'sandbox' environment in Python used to be done with the rexec module (http://docs.python.org/library/rexec.html). Unfortunately, it has been deprecated/removed due to some security vulnerabilities. Is there an alternative?
My goal is to have Python code execute semi-trusted Python scripts. In a perfect world, calls to any functions outside of a pre-defined set would raise exceptions. From what I've read about rexec's deprecation, this may not be possible. So I'll settle for as much as I can get. I can spawn a separate process to run the scripts, which helps a lot. But they could still abuse I/O or processor/memory resources.
Recommended answer
You might want to provide your own __import__ to prevent inclusion of any modules you deem "abuse I/O or processor/memory resources."
You might want to start with pypy and create your own interpreter with limitations and constraints on resource use.
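An added example (not part of the original answer): the custom __import__ suggested above, combined with the separate process mentioned in the question and capped with resource limits. The allowlist, the limit values and the names run_script, guarded_import and _cap are assumptions chosen for illustration, and the code relies on the Unix-only resource module.

```python
import resource, subprocess, sys

ALLOWED_MODULES = {"math", "json"}  # assumption: example allowlist, not from the page

# Runs inside the child: swap in an allowlisting __import__, then exec the script from stdin.
CHILD = r'''
import builtins, sys
allowed = set(sys.argv[1].split(","))
real_import = builtins.__import__

def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    # Only absolute imports whose top-level package is allowlisted pass through.
    if level != 0 or name.split(".")[0] not in allowed:
        raise ImportError("import of %r is not allowed" % name)
    return real_import(name, globals, locals, fromlist, level)

safe_builtins = dict(vars(builtins), __import__=guarded_import)
code = compile(sys.stdin.read(), "<script>", "exec")
exec(code, {"__builtins__": safe_builtins, "__name__": "__script__"})
'''

def _cap(kind, value):
    # Lower both soft and hard limits so the child cannot raise them again.
    hard = resource.getrlimit(kind)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(kind, (value, value))

def run_script(source, allowed=ALLOWED_MODULES, cpu_seconds=2, mem_bytes=512 * 2**20):
    """Run semi-trusted source in a child process; return (returncode, stdout, stderr)."""
    def limits():  # executed in the child between fork() and exec()
        _cap(resource.RLIMIT_CPU, cpu_seconds)
        _cap(resource.RLIMIT_AS, mem_bytes)
    proc = subprocess.run(
        [sys.executable, "-I", "-c", CHILD, ",".join(sorted(allowed))],
        input=source, capture_output=True, text=True,
        preexec_fn=limits, timeout=cpu_seconds + 10)
    return proc.returncode, proc.stdout, proc.stderr

if __name__ == "__main__":
    print(run_script("import math\nprint(math.sqrt(16))"))    # allowed import
    print(run_script("import os\nprint(os.getcwd())"))        # blocked by the allowlist
    print(run_script("data = bytearray(10**9)"))              # exceeds the memory cap
```

The import allowlist only narrows what a script can reach by name; the child process and its rlimits are what bound CPU and memory use.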