[Zope] Script (Python) insecure ?

M.-A. Lemburg mal at egenix.com
Sat Aug 16 07:56:56 EDT 2008


On 2008-08-16 13:39, Andreas Jung wrote:
> 
> 
> --On 16. August 2008 13:11:13 +0200 "M.-A. Lemburg" <mal at egenix.com> wrote:
> 
> 
>>
>> In my experience, attempts to create a sandbox that protects
>> sufficiently against unwanted resource usage are either too
>> restrictive and slow to make them useful or have problems
>> preventing DOS attacks.
> 
> I think you can't solve the issue with the standard technology we have 
> in CPython. I remember that Python once had a restricted execution 
> environment. Wasn't it buggy as hell? 

It used to be fairly safe at one point (I think around Python 1.4),
but maintenance was then dropped and so it was deprecated later
on. The main module was called Bastion.py.

> RestrictedPython of Zope surely has similar 
> problems. As with all such restricted execution environments (not only in 
> Zope): they are attackable.

Right.

While some of them are fairly good at restricting
access to e.g. the file system or object system, they usually
lack protection against unlimited CPU and memory use.

A multi-threaded approach makes it hard as well, since killing a
thread often doesn't release the associated resources.

In a multi-process environment things are easier, since the OS
will take care of most of the monitoring and apply this at a
much lower level.

>> It's usually a lot better (and more efficient) to use trusted
>> code only.
> 
> Definitely. A common development pattern is the usage of CMF and 
> portal_skins where you work with PythonScripts on the filesystem.
> The scripts themselves still run under the control of RestrictedPython 
> however the whole development model can be regarded as being trusted.
>
>> BTW: The reason why I had a look at these was that Chris Withers
>> mentioned at EuroPython that they are currently causing delays
>> in the Python 2.5 adoption (or at least are one of the reasons
>> for them).
>>
> 
> Is Chris' talk somewhere online?

It was a lightning talk. I'm not sure whether those are online
somewhere.

-- 
Marc-Andre Lemburg
eGenix.com
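
An added example, not part of the original message: a sketch of the multi-process approach mentioned above, where the OS enforces CPU and memory limits on a child interpreter. It assumes a POSIX system (Linux semantics for `RLIMIT_AS`); `run_limited` and the sample snippets are hypothetical names, and the limits cover resource exhaustion only, not file system or object access.

```python
import resource
import signal
import subprocess
import sys

# Constructed sample inputs standing in for untrusted scripts.
OK_CODE = "print(sum(range(10)))"
CPU_HOG = "while True: pass"
MEM_HOG = "x = bytearray(4 * 1024**3)"

def _limits(cpu_seconds, mem_bytes):
    """Build a hook that runs in the child just before exec and caps its resources."""
    def apply():
        # Soft limit delivers SIGXCPU; the hard limit one second later is SIGKILL.
        resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds + 1))
        # Cap the address space so oversized allocations fail inside the child.
        resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
    return apply

def run_limited(source, cpu_seconds=1, mem_bytes=1024**3, wall_seconds=10):
    """Run source in a separate interpreter and return (status, detail)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", source],
            preexec_fn=_limits(cpu_seconds, mem_bytes),
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            timeout=wall_seconds,  # backstop for code that sleeps instead of spinning
        )
    except subprocess.TimeoutExpired:
        return ("wall-timeout", None)
    if proc.returncode < 0:
        # Negative return code: the kernel terminated the child with a signal.
        return ("killed", signal.Signals(-proc.returncode).name)
    if proc.returncode != 0:
        lines = proc.stderr.decode(errors="replace").strip().splitlines()
        return ("error", lines[-1] if lines else "")
    return ("ok", proc.stdout.decode().strip())

if __name__ == "__main__":
    for name, code in [("ok", OK_CODE), ("cpu", CPU_HOG), ("mem", MEM_HOG)]:
        print(name, run_limited(code))
```

Because the parent only inspects the exit status, all resources held by a runaway child are reclaimed by the OS when it is terminated, which is the property the threaded approach lacks.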
