Commit | Line | Data |
---|---|---|
86530b38 AT |
1 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
2 | <html> | |
3 | <head> | |
4 | <link rel="STYLESHEET" href="lib.css" type='text/css' /> | |
5 | <link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" /> | |
6 | <link rel='start' href='../index.html' title='Python Documentation Index' /> | |
7 | <link rel="first" href="lib.html" title='Python Library Reference' /> | |
8 | <link rel='contents' href='contents.html' title="Contents" /> | |
9 | <link rel='index' href='genindex.html' title='Index' /> | |
10 | <link rel='last' href='about.html' title='About this document...' /> | |
11 | <link rel='help' href='about.html' title='About this document...' /> | |
12 | <link rel="next" href="node763.html" /> | |
13 | <link rel="prev" href="rexec-objects.html" /> | |
14 | <link rel="parent" href="module-rexec.html" /> | |
15 | <link rel="next" href="node763.html" /> | |
16 | <meta name='aesop' content='information' /> | |
17 | <title>17.1.2 Defining restricted environments </title> | |
18 | </head> | |
19 | <body> | |
20 | <DIV CLASS="navigation"> | |
21 | <div id='top-navigation-panel' xml:id='top-navigation-panel'> | |
22 | <table align="center" width="100%" cellpadding="0" cellspacing="2"> | |
23 | <tr> | |
24 | <td class='online-navigation'><a rel="prev" title="17.1.1 RExec Objects" | |
25 | href="rexec-objects.html"><img src='../icons/previous.png' | |
26 | border='0' height='32' alt='Previous Page' width='32' /></A></td> | |
27 | <td class='online-navigation'><a rel="parent" title="17.1 rexec " | |
28 | href="module-rexec.html"><img src='../icons/up.png' | |
29 | border='0' height='32' alt='Up One Level' width='32' /></A></td> | |
30 | <td class='online-navigation'><a rel="next" title="17.1.3 An example" | |
31 | href="node763.html"><img src='../icons/next.png' | |
32 | border='0' height='32' alt='Next Page' width='32' /></A></td> | |
33 | <td align="center" width="100%">Python Library Reference</td> | |
34 | <td class='online-navigation'><a rel="contents" title="Table of Contents" | |
35 | href="contents.html"><img src='../icons/contents.png' | |
36 | border='0' height='32' alt='Contents' width='32' /></A></td> | |
37 | <td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png' | |
38 | border='0' height='32' alt='Module Index' width='32' /></a></td> | |
39 | <td class='online-navigation'><a rel="index" title="Index" | |
40 | href="genindex.html"><img src='../icons/index.png' | |
41 | border='0' height='32' alt='Index' width='32' /></A></td> | |
42 | </tr></table> | |
43 | <div class='online-navigation'> | |
44 | <b class="navlabel">Previous:</b> | |
45 | <a class="sectref" rel="prev" href="rexec-objects.html">17.1.1 RExec Objects</A> | |
46 | <b class="navlabel">Up:</b> | |
47 | <a class="sectref" rel="parent" href="module-rexec.html">17.1 rexec </A> | |
48 | <b class="navlabel">Next:</b> | |
49 | <a class="sectref" rel="next" href="node763.html">17.1.3 An example</A> | |
50 | </div> | |
51 | <hr /></div> | |
52 | </DIV> | |
53 | <!--End of Navigation Panel--> | |
54 | ||
55 | <H2><A NAME="SECTION0019120000000000000000"></A><A NAME="rexec-extension"></A> | |
56 | <BR> | |
57 | 17.1.2 Defining restricted environments | |
58 | </H2> | |
59 | ||
60 | <P> | |
61 | The <tt class="class">RExec</tt> class has the following class attributes, which are | |
62 | used by the <tt class="method">__init__()</tt> method. Changing them on an existing | |
63 | instance won't have any effect; instead, create a subclass of | |
64 | <tt class="class">RExec</tt> and assign them new values in the class definition. | |
65 | Instances of the new class will then use those new values. All these | |
66 | attributes are tuples of strings. | |
67 | ||
68 | <P> | |
69 | <dl><dt><b><tt id='l2h-4927' xml:id='l2h-4927' class="member">nok_builtin_names</tt></b></dt> | |
70 | <dd> | |
71 | Contains the names of built-in functions which will <em>not</em> be | |
72 | available to programs running in the restricted environment. The | |
73 | value for <tt class="class">RExec</tt> is <code>('open', 'reload', '__import__')</code>. | |
74 | (This gives the exceptions, because by far the majority of built-in | |
75 | functions are harmless. A subclass that wants to override this | |
76 | variable should probably start with the value from the base class and | |
77 | concatenate additional forbidden functions -- when new dangerous | |
78 | built-in functions are added to Python, they will also be added to | |
79 | this module.) | |
80 | </dl> | |
81 | ||
82 | <P> | |
83 | <dl><dt><b><tt id='l2h-4928' xml:id='l2h-4928' class="member">ok_builtin_modules</tt></b></dt> | |
84 | <dd> | |
85 | Contains the names of built-in modules which can be safely imported. | |
86 | The value for <tt class="class">RExec</tt> is <code>('audioop', 'array', 'binascii', | |
87 | 'cmath', 'errno', 'imageop', 'marshal', 'math', 'md5', 'operator', | |
88 | 'parser', 'regex', 'select', 'sha', '_sre', 'strop', | |
89 | 'struct', 'time')</code>. A similar remark about overriding this variable | |
90 | applies -- use the value from the base class as a starting point. | |
91 | </dl> | |
92 | ||
93 | <P> | |
94 | <dl><dt><b><tt id='l2h-4929' xml:id='l2h-4929' class="member">ok_path</tt></b></dt> | |
95 | <dd> | |
96 | Contains the directories which will be searched when an <tt class="keyword">import</tt> | |
97 | is performed in the restricted environment. | |
98 | The value for <tt class="class">RExec</tt> is the same as <code>sys.path</code> (at the time | |
99 | the module is loaded) for unrestricted code. | |
100 | </dl> | |
101 | ||
102 | <P> | |
103 | <dl><dt><b><tt id='l2h-4930' xml:id='l2h-4930' class="member">ok_posix_names</tt></b></dt> | |
104 | <dd> | |
105 | Contains the names of the functions in the <tt class="module"><a href="module-os.html">os</a></tt> module which will be | |
106 | available to programs running in the restricted environment. The | |
107 | value for <tt class="class">RExec</tt> is <code>('error', 'fstat', 'listdir', | |
108 | 'lstat', 'readlink', 'stat', 'times', 'uname', 'getpid', 'getppid', | |
109 | 'getcwd', 'getuid', 'getgid', 'geteuid', 'getegid')</code>. | |
110 | </dl> | |
111 | ||
112 | <P> | |
113 | <dl><dt><b><tt id='l2h-4931' xml:id='l2h-4931' class="member">ok_sys_names</tt></b></dt> | |
114 | <dd> | |
115 | Contains the names of the functions and variables in the <tt class="module"><a href="module-sys.html">sys</a></tt> | |
116 | module which will be available to programs running in the restricted | |
117 | environment. The value for <tt class="class">RExec</tt> is <code>('ps1', 'ps2', | |
118 | 'copyright', 'version', 'platform', 'exit', 'maxint')</code>. | |
119 | </dl> | |
120 | ||
121 | <P> | |
122 | <dl><dt><b><tt id='l2h-4932' xml:id='l2h-4932' class="member">ok_file_types</tt></b></dt> | |
123 | <dd> | |
124 | Contains the file types from which modules are allowed to be loaded. | |
125 | Each file type is an integer constant defined in the <tt class="module"><a href="module-imp.html">imp</a></tt> module. | |
126 | The meaningful values are <tt class="constant">PY_SOURCE</tt>, <tt class="constant">PY_COMPILED</tt>, and | |
127 | <tt class="constant">C_EXTENSION</tt>. The value for <tt class="class">RExec</tt> is <code>(C_EXTENSION, | |
128 | PY_SOURCE)</code>. Adding <tt class="constant">PY_COMPILED</tt> in subclasses is not recommended; | |
129 | an attacker could exit the restricted execution mode by putting a forged | |
130 | byte-compiled file (<span class="file">.pyc</span>) anywhere in your file system, for example | |
131 | by writing it to <span class="file">/tmp</span> or uploading it to the <span class="file">/incoming</span> | |
132 | directory of your public FTP server. | |
133 | </dl> | |
134 | ||
135 | <P> | |
136 | ||
137 | <DIV CLASS="navigation"> | |
138 | <div class='online-navigation'> | |
139 | <p></p><hr /> | |
140 | <table align="center" width="100%" cellpadding="0" cellspacing="2"> | |
141 | <tr> | |
142 | <td class='online-navigation'><a rel="prev" title="17.1.1 RExec Objects" | |
143 | href="rexec-objects.html"><img src='../icons/previous.png' | |
144 | border='0' height='32' alt='Previous Page' width='32' /></A></td> | |
145 | <td class='online-navigation'><a rel="parent" title="17.1 rexec " | |
146 | href="module-rexec.html"><img src='../icons/up.png' | |
147 | border='0' height='32' alt='Up One Level' width='32' /></A></td> | |
148 | <td class='online-navigation'><a rel="next" title="17.1.3 An example" | |
149 | href="node763.html"><img src='../icons/next.png' | |
150 | border='0' height='32' alt='Next Page' width='32' /></A></td> | |
151 | <td align="center" width="100%">Python Library Reference</td> | |
152 | <td class='online-navigation'><a rel="contents" title="Table of Contents" | |
153 | href="contents.html"><img src='../icons/contents.png' | |
154 | border='0' height='32' alt='Contents' width='32' /></A></td> | |
155 | <td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png' | |
156 | border='0' height='32' alt='Module Index' width='32' /></a></td> | |
157 | <td class='online-navigation'><a rel="index" title="Index" | |
158 | href="genindex.html"><img src='../icons/index.png' | |
159 | border='0' height='32' alt='Index' width='32' /></A></td> | |
160 | </tr></table> | |
161 | <div class='online-navigation'> | |
162 | <b class="navlabel">Previous:</b> | |
163 | <a class="sectref" rel="prev" href="rexec-objects.html">17.1.1 RExec Objects</A> | |
164 | <b class="navlabel">Up:</b> | |
165 | <a class="sectref" rel="parent" href="module-rexec.html">17.1 rexec </A> | |
166 | <b class="navlabel">Next:</b> | |
167 | <a class="sectref" rel="next" href="node763.html">17.1.3 An example</A> | |
168 | </div> | |
169 | </div> | |
170 | <hr /> | |
171 | <span class="release-info">Release 2.4.2, documentation updated on 28 September 2005.</span> | |
172 | </DIV> | |
173 | <!--End of Navigation Panel--> | |
174 | <ADDRESS> | |
175 | See <i><a href="about.html">About this document...</a></i> for information on suggesting changes. | |
176 | </ADDRESS> | |
177 | </BODY> | |
178 | </HTML> |