| 1 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
| 2 | <html> |
| 3 | <head> |
| 4 | <link rel="STYLESHEET" href="lib.css" type='text/css' /> |
| 5 | <link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" /> |
| 6 | <link rel='start' href='../index.html' title='Python Documentation Index' /> |
| 7 | <link rel="first" href="lib.html" title='Python Library Reference' /> |
| 8 | <link rel='contents' href='contents.html' title="Contents" /> |
| 9 | <link rel='index' href='genindex.html' title='Index' /> |
| 10 | <link rel='last' href='about.html' title='About this document...' /> |
| 11 | <link rel='help' href='about.html' title='About this document...' /> |
| 12 | <link rel="next" href="node763.html" /> |
| 13 | <link rel="prev" href="rexec-objects.html" /> |
| 14 | <link rel="parent" href="module-rexec.html" /> |
| 15 | <link rel="next" href="node763.html" /> |
| 16 | <meta name='aesop' content='information' /> |
| 17 | <title>17.1.2 Defining restricted environments </title> |
| 18 | </head> |
| 19 | <body> |
| 20 | <DIV CLASS="navigation"> |
| 21 | <div id='top-navigation-panel' xml:id='top-navigation-panel'> |
| 22 | <table align="center" width="100%" cellpadding="0" cellspacing="2"> |
| 23 | <tr> |
| 24 | <td class='online-navigation'><a rel="prev" title="17.1.1 RExec Objects" |
| 25 | href="rexec-objects.html"><img src='../icons/previous.png' |
| 26 | border='0' height='32' alt='Previous Page' width='32' /></A></td> |
| 27 | <td class='online-navigation'><a rel="parent" title="17.1 rexec " |
| 28 | href="module-rexec.html"><img src='../icons/up.png' |
| 29 | border='0' height='32' alt='Up One Level' width='32' /></A></td> |
| 30 | <td class='online-navigation'><a rel="next" title="17.1.3 An example" |
| 31 | href="node763.html"><img src='../icons/next.png' |
| 32 | border='0' height='32' alt='Next Page' width='32' /></A></td> |
| 33 | <td align="center" width="100%">Python Library Reference</td> |
| 34 | <td class='online-navigation'><a rel="contents" title="Table of Contents" |
| 35 | href="contents.html"><img src='../icons/contents.png' |
| 36 | border='0' height='32' alt='Contents' width='32' /></A></td> |
| 37 | <td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png' |
| 38 | border='0' height='32' alt='Module Index' width='32' /></a></td> |
| 39 | <td class='online-navigation'><a rel="index" title="Index" |
| 40 | href="genindex.html"><img src='../icons/index.png' |
| 41 | border='0' height='32' alt='Index' width='32' /></A></td> |
| 42 | </tr></table> |
| 43 | <div class='online-navigation'> |
| 44 | <b class="navlabel">Previous:</b> |
| 45 | <a class="sectref" rel="prev" href="rexec-objects.html">17.1.1 RExec Objects</A> |
| 46 | <b class="navlabel">Up:</b> |
| 47 | <a class="sectref" rel="parent" href="module-rexec.html">17.1 rexec </A> |
| 48 | <b class="navlabel">Next:</b> |
| 49 | <a class="sectref" rel="next" href="node763.html">17.1.3 An example</A> |
| 50 | </div> |
| 51 | <hr /></div> |
| 52 | </DIV> |
| 53 | <!--End of Navigation Panel--> |
| 54 | |
| 55 | <H2><A NAME="SECTION0019120000000000000000"></A><A NAME="rexec-extension"></A> |
| 56 | <BR> |
| 57 | 17.1.2 Defining restricted environments |
| 58 | </H2> |
| 59 | |
| 60 | <P> |
| 61 | The <tt class="class">RExec</tt> class has the following class attributes, which are |
| 62 | used by the <tt class="method">__init__()</tt> method. Changing them on an existing |
| 63 | instance won't have any effect; instead, create a subclass of |
| 64 | <tt class="class">RExec</tt> and assign them new values in the class definition. |
| 65 | Instances of the new class will then use those new values. All these |
| 66 | attributes are tuples of strings. |
| 67 | |
| 68 | <P> |
| 69 | <dl><dt><b><tt id='l2h-4927' xml:id='l2h-4927' class="member">nok_builtin_names</tt></b></dt> |
| 70 | <dd> |
| 71 | Contains the names of built-in functions which will <em>not</em> be |
| 72 | available to programs running in the restricted environment. The |
| 73 | value for <tt class="class">RExec</tt> is <code>('open', 'reload', '__import__')</code>. |
| 74 | (This gives the exceptions, because by far the majority of built-in |
| 75 | functions are harmless. A subclass that wants to override this |
| 76 | variable should probably start with the value from the base class and |
| 77 | concatenate additional forbidden functions -- when new dangerous |
| 78 | built-in functions are added to Python, they will also be added to |
| 79 | this module.) |
| 80 | </dl> |
| 81 | |
| 82 | <P> |
| 83 | <dl><dt><b><tt id='l2h-4928' xml:id='l2h-4928' class="member">ok_builtin_modules</tt></b></dt> |
| 84 | <dd> |
| 85 | Contains the names of built-in modules which can be safely imported. |
| 86 | The value for <tt class="class">RExec</tt> is <code>('audioop', 'array', 'binascii', |
| 87 | 'cmath', 'errno', 'imageop', 'marshal', 'math', 'md5', 'operator', |
| 88 | 'parser', 'regex', 'select', 'sha', '_sre', 'strop', |
| 89 | 'struct', 'time')</code>. A similar remark about overriding this variable |
| 90 | applies -- use the value from the base class as a starting point. |
| 91 | </dl> |
| 92 | |
| 93 | <P> |
| 94 | <dl><dt><b><tt id='l2h-4929' xml:id='l2h-4929' class="member">ok_path</tt></b></dt> |
| 95 | <dd> |
| 96 | Contains the directories which will be searched when an <tt class="keyword">import</tt> |
| 97 | is performed in the restricted environment. |
| 98 | The value for <tt class="class">RExec</tt> is the same as <code>sys.path</code> (at the time |
| 99 | the module is loaded) for unrestricted code. |
| 100 | </dl> |
| 101 | |
| 102 | <P> |
| 103 | <dl><dt><b><tt id='l2h-4930' xml:id='l2h-4930' class="member">ok_posix_names</tt></b></dt> |
| 104 | <dd> |
| 105 | Contains the names of the functions in the <tt class="module"><a href="module-os.html">os</a></tt> module which will be |
| 106 | available to programs running in the restricted environment. The |
| 107 | value for <tt class="class">RExec</tt> is <code>('error', 'fstat', 'listdir', |
| 108 | 'lstat', 'readlink', 'stat', 'times', 'uname', 'getpid', 'getppid', |
| 109 | 'getcwd', 'getuid', 'getgid', 'geteuid', 'getegid')</code>. |
| 110 | </dl> |
| 111 | |
| 112 | <P> |
| 113 | <dl><dt><b><tt id='l2h-4931' xml:id='l2h-4931' class="member">ok_sys_names</tt></b></dt> |
| 114 | <dd> |
| 115 | Contains the names of the functions and variables in the <tt class="module"><a href="module-sys.html">sys</a></tt> |
| 116 | module which will be available to programs running in the restricted |
| 117 | environment. The value for <tt class="class">RExec</tt> is <code>('ps1', 'ps2', |
| 118 | 'copyright', 'version', 'platform', 'exit', 'maxint')</code>. |
| 119 | </dl> |
| 120 | |
| 121 | <P> |
| 122 | <dl><dt><b><tt id='l2h-4932' xml:id='l2h-4932' class="member">ok_file_types</tt></b></dt> |
| 123 | <dd> |
| 124 | Contains the file types from which modules are allowed to be loaded. |
| 125 | Each file type is an integer constant defined in the <tt class="module"><a href="module-imp.html">imp</a></tt> module. |
| 126 | The meaningful values are <tt class="constant">PY_SOURCE</tt>, <tt class="constant">PY_COMPILED</tt>, and |
| 127 | <tt class="constant">C_EXTENSION</tt>. The value for <tt class="class">RExec</tt> is <code>(C_EXTENSION, |
| 128 | PY_SOURCE)</code>. Adding <tt class="constant">PY_COMPILED</tt> in subclasses is not recommended; |
| 129 | an attacker could exit the restricted execution mode by putting a forged |
| 130 | byte-compiled file (<span class="file">.pyc</span>) anywhere in your file system, for example |
| 131 | by writing it to <span class="file">/tmp</span> or uploading it to the <span class="file">/incoming</span> |
| 132 | directory of your public FTP server. |
| 133 | </dl> |
| 134 | |
| 135 | <P> |
| 136 | |
| 137 | <DIV CLASS="navigation"> |
| 138 | <div class='online-navigation'> |
| 139 | <p></p><hr /> |
| 140 | <table align="center" width="100%" cellpadding="0" cellspacing="2"> |
| 141 | <tr> |
| 142 | <td class='online-navigation'><a rel="prev" title="17.1.1 RExec Objects" |
| 143 | href="rexec-objects.html"><img src='../icons/previous.png' |
| 144 | border='0' height='32' alt='Previous Page' width='32' /></A></td> |
| 145 | <td class='online-navigation'><a rel="parent" title="17.1 rexec " |
| 146 | href="module-rexec.html"><img src='../icons/up.png' |
| 147 | border='0' height='32' alt='Up One Level' width='32' /></A></td> |
| 148 | <td class='online-navigation'><a rel="next" title="17.1.3 An example" |
| 149 | href="node763.html"><img src='../icons/next.png' |
| 150 | border='0' height='32' alt='Next Page' width='32' /></A></td> |
| 151 | <td align="center" width="100%">Python Library Reference</td> |
| 152 | <td class='online-navigation'><a rel="contents" title="Table of Contents" |
| 153 | href="contents.html"><img src='../icons/contents.png' |
| 154 | border='0' height='32' alt='Contents' width='32' /></A></td> |
| 155 | <td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png' |
| 156 | border='0' height='32' alt='Module Index' width='32' /></a></td> |
| 157 | <td class='online-navigation'><a rel="index" title="Index" |
| 158 | href="genindex.html"><img src='../icons/index.png' |
| 159 | border='0' height='32' alt='Index' width='32' /></A></td> |
| 160 | </tr></table> |
| 161 | <div class='online-navigation'> |
| 162 | <b class="navlabel">Previous:</b> |
| 163 | <a class="sectref" rel="prev" href="rexec-objects.html">17.1.1 RExec Objects</A> |
| 164 | <b class="navlabel">Up:</b> |
| 165 | <a class="sectref" rel="parent" href="module-rexec.html">17.1 rexec </A> |
| 166 | <b class="navlabel">Next:</b> |
| 167 | <a class="sectref" rel="next" href="node763.html">17.1.3 An example</A> |
| 168 | </div> |
| 169 | </div> |
| 170 | <hr /> |
| 171 | <span class="release-info">Release 2.4.2, documentation updated on 28 September 2005.</span> |
| 172 | </DIV> |
| 173 | <!--End of Navigation Panel--> |
| 174 | <ADDRESS> |
| 175 | See <i><a href="about.html">About this document...</a></i> for information on suggesting changes. |
| 176 | </ADDRESS> |
| 177 | </BODY> |
| 178 | </HTML> |