有没有替代 rexec 的 Python 沙箱? [英] Is there an alternative to rexec for Python sandboxing?

问题描述

在 Python 中实现沙箱"环境过去是通过 rexec 模块完成的(http://docs.python.org/library/rexec.html).不幸的是，由于一些安全漏洞，它已被弃用/删除.有没有替代品?

Implementing a 'sandbox' environment in Python used to be done with the rexec module (http://docs.python.org/library/rexec.html). Unfortunately, it has been deprecated/removed due to some security vulnerabilities. Is there an alternative?

我的目标是让 Python 代码执行半可信的 Python 脚本.在一个完美的世界中，对预定义集合之外的任何函数的调用都会引发异常.从我读到的有关 rexec 弃用的信息来看，这可能是不可能的.所以我会尽我所能.我可以生成一个单独的进程来运行脚本，这很有帮助.但他们仍然可能滥用 I/O 或处理器/内存资源.

My goal is to have Python code execute semi-trusted Python scripts. In a perfect world, calls to any functions outside of a pre-defined set would raise exceptions. From what I've read about rexec's deprecation, this may not be possible. So I'll settle for as much as I can get. I can spawn a separate process to run the scripts, which helps a lot. But they could still abuse I/O or processor/memory resources.

推荐答案

您可能希望提供自己的 __import__ 以防止包含您认为滥用 I/O 或处理器/内存资源"的任何模块."

You might want to provide your own __import__ to prevent inclusion of any modules you deem "abuse I/O or processor/memory resources."

您可能想从 pypy 开始，然后创建自己的有限制的解释器以及对资源使用的限制.

You might want to start with pypy and create your own interpreter with limitations and constraints on resource use.

这篇关于有没有替代 rexec 的 Python 沙箱?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！