[OpenSPARC-T2-DV] / tools / src / nas,5.n2.os.2 / lib / python / html / python / lib / node763.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<link rel="STYLESHEET" href="lib.css" type='text/css' />
<link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" />
<link rel='start' href='../index.html' title='Python Documentation Index' />
<link rel="first" href="lib.html" title='Python Library Reference' />
<link rel='contents' href='contents.html' title="Contents" />
<link rel='index' href='genindex.html' title='Index' />
<link rel='last' href='about.html' title='About this document...' />
<link rel='help' href='about.html' title='About this document...' />
<link rel="prev" href="rexec-extension.html" />
<link rel="parent" href="module-rexec.html" />
<link rel="next" href="module-Bastion.html" />
<meta name='aesop' content='information' />
<title>17.1.3 An example</title>
</head>
<body>
<DIV CLASS="navigation">
<div id='top-navigation-panel' xml:id='top-navigation-panel'>
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td class='online-navigation'><a rel="prev" title="17.1.2 Defining restricted environments"
  href="rexec-extension.html"><img src='../icons/previous.png'
  border='0' height='32'  alt='Previous Page' width='32' /></A></td>
<td class='online-navigation'><a rel="parent" title="17.1 rexec  "
  href="module-rexec.html"><img src='../icons/up.png'
  border='0' height='32'  alt='Up One Level' width='32' /></A></td>
<td class='online-navigation'><a rel="next" title="17.2 Bastion  "
  href="module-Bastion.html"><img src='../icons/next.png'
  border='0' height='32'  alt='Next Page' width='32' /></A></td>
<td align="center" width="100%">Python Library Reference</td>
<td class='online-navigation'><a rel="contents" title="Table of Contents"
  href="contents.html"><img src='../icons/contents.png'
  border='0' height='32'  alt='Contents' width='32' /></A></td>
<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
  border='0' height='32'  alt='Module Index' width='32' /></a></td>
<td class='online-navigation'><a rel="index" title="Index"
  href="genindex.html"><img src='../icons/index.png'
  border='0' height='32'  alt='Index' width='32' /></A></td>
</tr></table>
<div class='online-navigation'>
<b class="navlabel">Previous:</b>
<a class="sectref" rel="prev" href="rexec-extension.html">17.1.2 Defining restricted environments</A>
<b class="navlabel">Up:</b>
<a class="sectref" rel="parent" href="module-rexec.html">17.1 rexec  </A>
<b class="navlabel">Next:</b>
<a class="sectref" rel="next" href="module-Bastion.html">17.2 Bastion  </A>
</div>
<hr /></div>
</DIV>
<!--End of Navigation Panel-->

<H2><A NAME="SECTION0019130000000000000000">
17.1.3 An example</A>
</H2>

<P>
Let us say that we want a slightly more relaxed policy than the
standard <tt class="class">RExec</tt> class.  For example, if we're willing to allow
files in <span class="file">/tmp</span> to be written, we can subclass the <tt class="class">RExec</tt>
class:

<P>
<div class="verbatim"><pre>
class TmpWriterRExec(rexec.RExec):
    def r_open(self, file, mode='r', buf=-1):
        if mode in ('r', 'rb'):
            pass
        elif mode in ('w', 'wb', 'a', 'ab'):
            # check filename : must begin with /tmp/
            if file[:5]!='/tmp/': 
                raise IOError, "can't write outside /tmp"
            elif (string.find(file, '/../') &gt;= 0 or
                 file[:3] == '../' or file[-3:] == '/..'):
                raise IOError, "'..' in filename forbidden"
        else: raise IOError, "Illegal open() mode"
        return open(file, mode, buf)
</pre></div>
Notice that the above code will occasionally forbid a perfectly valid
filename; for example, code in the restricted environment won't be
able to open a file called <span class="file">/tmp/foo/../bar</span>.  To fix this, the
<tt class="method">r_open()</tt> method would have to simplify the filename to
<span class="file">/tmp/bar</span>, which would require splitting apart the filename and
performing various operations on it.  In cases where security is at
stake, it may be preferable to write simple code which is sometimes
overly restrictive, instead of more general code that is also more
complex and may harbor a subtle security hole.

<DIV CLASS="navigation">
<div class='online-navigation'>
<p></p><hr />
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td class='online-navigation'><a rel="prev" title="17.1.2 Defining restricted environments"
  href="rexec-extension.html"><img src='../icons/previous.png'
  border='0' height='32'  alt='Previous Page' width='32' /></A></td>
<td class='online-navigation'><a rel="parent" title="17.1 rexec  "
  href="module-rexec.html"><img src='../icons/up.png'
  border='0' height='32'  alt='Up One Level' width='32' /></A></td>
<td class='online-navigation'><a rel="next" title="17.2 Bastion  "
  href="module-Bastion.html"><img src='../icons/next.png'
  border='0' height='32'  alt='Next Page' width='32' /></A></td>
<td align="center" width="100%">Python Library Reference</td>
<td class='online-navigation'><a rel="contents" title="Table of Contents"
  href="contents.html"><img src='../icons/contents.png'
  border='0' height='32'  alt='Contents' width='32' /></A></td>
<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
  border='0' height='32'  alt='Module Index' width='32' /></a></td>
<td class='online-navigation'><a rel="index" title="Index"
  href="genindex.html"><img src='../icons/index.png'
  border='0' height='32'  alt='Index' width='32' /></A></td>
</tr></table>
<div class='online-navigation'>
<b class="navlabel">Previous:</b>
<a class="sectref" rel="prev" href="rexec-extension.html">17.1.2 Defining restricted environments</A>
<b class="navlabel">Up:</b>
<a class="sectref" rel="parent" href="module-rexec.html">17.1 rexec  </A>
<b class="navlabel">Next:</b>
<a class="sectref" rel="next" href="module-Bastion.html">17.2 Bastion  </A>
</div>
</div>
<hr />
<span class="release-info">Release 2.4.2, documentation updated on 28 September 2005.</span>
</DIV>
<!--End of Navigation Panel-->
<ADDRESS>
See <i><a href="about.html">About this document...</a></i> for information on suggesting changes.
</ADDRESS>
</BODY>
</HTML>
Commit	Line	Data
86530b38 AT	1	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
	2	<html>
	3	<head>
	4	<link rel="STYLESHEET" href="lib.css" type='text/css' />
	5	<link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" />
	6	<link rel='start' href='../index.html' title='Python Documentation Index' />
	7	<link rel="first" href="lib.html" title='Python Library Reference' />
	8	<link rel='contents' href='contents.html' title="Contents" />
	9	<link rel='index' href='genindex.html' title='Index' />
	10	<link rel='last' href='about.html' title='About this document...' />
	11	<link rel='help' href='about.html' title='About this document...' />
	12	<link rel="prev" href="rexec-extension.html" />
	13	<link rel="parent" href="module-rexec.html" />
	14	<link rel="next" href="module-Bastion.html" />
	15	<meta name='aesop' content='information' />
	16	<title>17.1.3 An example</title>
	17	</head>
	18	<body>
	19	<DIV CLASS="navigation">
	20	<div id='top-navigation-panel' xml:id='top-navigation-panel'>
	21	<table align="center" width="100%" cellpadding="0" cellspacing="2">
	22	<tr>
	23	<td class='online-navigation'><a rel="prev" title="17.1.2 Defining restricted environments"
	24	href="rexec-extension.html"><img src='../icons/previous.png'
	25	border='0' height='32' alt='Previous Page' width='32' /></A></td>
	26	<td class='online-navigation'><a rel="parent" title="17.1 rexec "
	27	href="module-rexec.html"><img src='../icons/up.png'
	28	border='0' height='32' alt='Up One Level' width='32' /></A></td>
	29	<td class='online-navigation'><a rel="next" title="17.2 Bastion "
	30	href="module-Bastion.html"><img src='../icons/next.png'
	31	border='0' height='32' alt='Next Page' width='32' /></A></td>
	32	<td align="center" width="100%">Python Library Reference</td>
	33	<td class='online-navigation'><a rel="contents" title="Table of Contents"
	34	href="contents.html"><img src='../icons/contents.png'
	35	border='0' height='32' alt='Contents' width='32' /></A></td>
	36	<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
	37	border='0' height='32' alt='Module Index' width='32' /></a></td>
	38	<td class='online-navigation'><a rel="index" title="Index"
	39	href="genindex.html"><img src='../icons/index.png'
	40	border='0' height='32' alt='Index' width='32' /></A></td>
	41	</tr></table>
	42	<div class='online-navigation'>
	43	<b class="navlabel">Previous:</b>
	44	<a class="sectref" rel="prev" href="rexec-extension.html">17.1.2 Defining restricted environments</A>
	45	<b class="navlabel">Up:</b>
	46	<a class="sectref" rel="parent" href="module-rexec.html">17.1 rexec </A>
	47	<b class="navlabel">Next:</b>
	48	<a class="sectref" rel="next" href="module-Bastion.html">17.2 Bastion </A>
	49	</div>
	50	<hr /></div>
	51	</DIV>
	52	<!--End of Navigation Panel-->
	53
	54	<H2><A NAME="SECTION0019130000000000000000">
	55	17.1.3 An example</A>
	56	</H2>
	57
	58	<P>
	59	Let us say that we want a slightly more relaxed policy than the
	60	standard <tt class="class">RExec</tt> class. For example, if we're willing to allow
	61	files in <span class="file">/tmp</span> to be written, we can subclass the <tt class="class">RExec</tt>
	62	class:
	63
	64	<P>
65	<div class="verbatim"><pre>
66	class TmpWriterRExec(rexec.RExec):
67	def r_open(self, file, mode='r', buf=-1):
68	if mode in ('r', 'rb'):
69	pass
70	elif mode in ('w', 'wb', 'a', 'ab'):
71	# check filename : must begin with /tmp/
72	if file[:5]!='/tmp/':
73	raise IOError, "can't write outside /tmp"
74	elif (string.find(file, '/../') >= 0 or
75	file[:3] == '../' or file[-3:] == '/..'):
76	raise IOError, "'..' in filename forbidden"
77	else: raise IOError, "Illegal open() mode"
78	return open(file, mode, buf)
79	</pre></div>
80	Notice that the above code will occasionally forbid a perfectly valid
81	filename; for example, code in the restricted environment won't be
82	able to open a file called <span class="file">/tmp/foo/../bar</span>. To fix this, the
83	<tt class="method">r_open()</tt> method would have to simplify the filename to
84	<span class="file">/tmp/bar</span>, which would require splitting apart the filename and
85	performing various operations on it. In cases where security is at
86	stake, it may be preferable to write simple code which is sometimes
87	overly restrictive, instead of more general code that is also more
88	complex and may harbor a subtle security hole.
89
90	<DIV CLASS="navigation">
91	<div class='online-navigation'>
92	<p></p><hr />
93	<table align="center" width="100%" cellpadding="0" cellspacing="2">
94	<tr>
95	<td class='online-navigation'><a rel="prev" title="17.1.2 Defining restricted environments"
96	href="rexec-extension.html"><img src='../icons/previous.png'
97	border='0' height='32' alt='Previous Page' width='32' /></A></td>
98	<td class='online-navigation'><a rel="parent" title="17.1 rexec "
99	href="module-rexec.html"><img src='../icons/up.png'
100	border='0' height='32' alt='Up One Level' width='32' /></A></td>
101	<td class='online-navigation'><a rel="next" title="17.2 Bastion "
102	href="module-Bastion.html"><img src='../icons/next.png'
103	border='0' height='32' alt='Next Page' width='32' /></A></td>
104	<td align="center" width="100%">Python Library Reference</td>
105	<td class='online-navigation'><a rel="contents" title="Table of Contents"
106	href="contents.html"><img src='../icons/contents.png'
107	border='0' height='32' alt='Contents' width='32' /></A></td>
108	<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
109	border='0' height='32' alt='Module Index' width='32' /></a></td>
110	<td class='online-navigation'><a rel="index" title="Index"
111	href="genindex.html"><img src='../icons/index.png'
112	border='0' height='32' alt='Index' width='32' /></A></td>
113	</tr></table>
114	<div class='online-navigation'>
115	<b class="navlabel">Previous:</b>
116	<a class="sectref" rel="prev" href="rexec-extension.html">17.1.2 Defining restricted environments</A>
117	<b class="navlabel">Up:</b>
118	<a class="sectref" rel="parent" href="module-rexec.html">17.1 rexec </A>
119	<b class="navlabel">Next:</b>
120	<a class="sectref" rel="next" href="module-Bastion.html">17.2 Bastion </A>
121	</div>
122	</div>
123	<hr />
124	<span class="release-info">Release 2.4.2, documentation updated on 28 September 2005.</span>
125	</DIV>
126	<!--End of Navigation Panel-->
127	<ADDRESS>
128	See <i><a href="about.html">About this document...</a></i> for information on suggesting changes.
129	</ADDRESS>
130	</BODY>
131	</HTML>