Executing untrusted scripts in a sandboxed environment

[Robin Krahl]

Hi all,

I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are "flagged" or "approved" for scripting.

I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to "embed" a script engine in a sandboxed environment that has access to the Python modules and classes that I provide?

Thanks for your help.

Best regards,
Robin

[0] http://wiki.python.org/moin/SandboxedPython
[1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python

 

[Ramchandra Apte]

Hi all,

I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are "flagged" or "approved" for scripting.

I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to "embed" a script engine ina sandboxed environment that has access to the Python modules and classes that I provide?

Thanks for your help.

Best regards,
Robin

[0] http://wiki.python.org/moin/SandboxedPython
[1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python

From http://wiki.python.org/moin/SandboxedPython
"The Java and CLR/.NET runtimes support restricted execution, and these canbe utilised through the Jython and IronPython variants of Python (as well as by other languages, obviously)."
You can also check out http://doc.pypy.org/en/latest/sandbox.html for PyPy's sandbox

 

[Ramchandra Apte]

Hi all,

I need to execute untrusted scripts in my Python application. To avoid security issues, I want to use a sandboxed environment. This means that the script authors have no access to the file system. They may only access objects, modules and classes that are "flagged" or "approved" for scripting.

I read that I will not be able to do this with Python scripts. (See SandboxedPython page in the Python wiki [0] and several SE.com questions, e. g. [1].) So my question is: What is the best way to "embed" a script engine ina sandboxed environment that has access to the Python modules and classes that I provide?

Thanks for your help.

Best regards,
Robin

[0] http://wiki.python.org/moin/SandboxedPython
[1] http://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python
From http://wiki.python.org/moin/SandboxedPython

"The Java and CLR/.NET runtimes support restricted execution, and these canbe utilised through the Jython and IronPython variants of Python (as well as by other languages, obviously)."
You can also check out http://doc.pypy.org/en/latest/sandbox.html for PyPy's sandbox