projects / OpenSPARC-T2-SAM / blob
? search:
summary | tags | clone url | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Initial commit of OpenSPARC T2 architecture model.
[OpenSPARC-T2-SAM] / sam-t2 / devtools / amd64 / html / python / lib / rexec-extension.html
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<link rel="STYLESHEET" href="lib.css" type='text/css' />
<link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" />
<link rel='start' href='../index.html' title='Python Documentation Index' />
<link rel="first" href="lib.html" title='Python Library Reference' />
<link rel='contents' href='contents.html' title="Contents" />
<link rel='index' href='genindex.html' title='Index' />
<link rel='last' href='about.html' title='About this document...' />
<link rel='help' href='about.html' title='About this document...' />
<link rel="next" href="node763.html" />
<link rel="prev" href="rexec-objects.html" />
<link rel="parent" href="module-rexec.html" />
<link rel="next" href="node763.html" />
<meta name='aesop' content='information' />
<title>17.1.2 Defining restricted environments </title>
</head>
<body>
<DIV CLASS="navigation">
<div id='top-navigation-panel' xml:id='top-navigation-panel'>
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td class='online-navigation'><a rel="prev" title="17.1.1 RExec Objects"
href="rexec-objects.html"><img src='../icons/previous.png'
border='0' height='32' alt='Previous Page' width='32' /></A></td>
<td class='online-navigation'><a rel="parent" title="17.1 rexec "
href="module-rexec.html"><img src='../icons/up.png'
border='0' height='32' alt='Up One Level' width='32' /></A></td>
<td class='online-navigation'><a rel="next" title="17.1.3 An example"
href="node763.html"><img src='../icons/next.png'
border='0' height='32' alt='Next Page' width='32' /></A></td>
<td align="center" width="100%">Python Library Reference</td>
<td class='online-navigation'><a rel="contents" title="Table of Contents"
href="contents.html"><img src='../icons/contents.png'
border='0' height='32' alt='Contents' width='32' /></A></td>
<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
border='0' height='32' alt='Module Index' width='32' /></a></td>
<td class='online-navigation'><a rel="index" title="Index"
href="genindex.html"><img src='../icons/index.png'
border='0' height='32' alt='Index' width='32' /></A></td>
</tr></table>
<div class='online-navigation'>
<b class="navlabel">Previous:</b>
<a class="sectref" rel="prev" href="rexec-objects.html">17.1.1 RExec Objects</A>
<b class="navlabel">Up:</b>
<a class="sectref" rel="parent" href="module-rexec.html">17.1 rexec </A>
<b class="navlabel">Next:</b>
<a class="sectref" rel="next" href="node763.html">17.1.3 An example</A>
</div>
<hr /></div>
</DIV>
<!--End of Navigation Panel-->
<H2><A NAME="SECTION0019120000000000000000"></A><A NAME="rexec-extension"></A>
<BR>
17.1.2 Defining restricted environments
</H2>
<P>
The <tt class="class">RExec</tt> class has the following class attributes, which are
used by the <tt class="method">__init__()</tt> method. Changing them on an existing
instance won't have any effect; instead, create a subclass of
<tt class="class">RExec</tt> and assign them new values in the class definition.
Instances of the new class will then use those new values. All these
attributes are tuples of strings.
<P>
<dl><dt><b><tt id='l2h-4927' xml:id='l2h-4927' class="member">nok_builtin_names</tt></b></dt>
<dd>
Contains the names of built-in functions which will <em>not</em> be
available to programs running in the restricted environment. The
value for <tt class="class">RExec</tt> is <code>('open', 'reload', '__import__')</code>.
(This gives the exceptions, because by far the majority of built-in
functions are harmless. A subclass that wants to override this
variable should probably start with the value from the base class and
concatenate additional forbidden functions -- when new dangerous
built-in functions are added to Python, they will also be added to
this module.)
</dl>
<P>
<dl><dt><b><tt id='l2h-4928' xml:id='l2h-4928' class="member">ok_builtin_modules</tt></b></dt>
<dd>
Contains the names of built-in modules which can be safely imported.
The value for <tt class="class">RExec</tt> is <code>('audioop', 'array', 'binascii',
'cmath', 'errno', 'imageop', 'marshal', 'math', 'md5', 'operator',
'parser', 'regex', 'select', 'sha', '_sre', 'strop',
'struct', 'time')</code>. A similar remark about overriding this variable
applies -- use the value from the base class as a starting point.
</dl>
<P>
<dl><dt><b><tt id='l2h-4929' xml:id='l2h-4929' class="member">ok_path</tt></b></dt>
<dd>
Contains the directories which will be searched when an <tt class="keyword">import</tt>
is performed in the restricted environment.
The value for <tt class="class">RExec</tt> is the same as <code>sys.path</code> (at the time
the module is loaded) for unrestricted code.
</dl>
<P>
<dl><dt><b><tt id='l2h-4930' xml:id='l2h-4930' class="member">ok_posix_names</tt></b></dt>
<dd>
Contains the names of the functions in the <tt class="module"><a href="module-os.html">os</a></tt> module which will be
available to programs running in the restricted environment. The
value for <tt class="class">RExec</tt> is <code>('error', 'fstat', 'listdir',
'lstat', 'readlink', 'stat', 'times', 'uname', 'getpid', 'getppid',
'getcwd', 'getuid', 'getgid', 'geteuid', 'getegid')</code>.
</dl>
<P>
<dl><dt><b><tt id='l2h-4931' xml:id='l2h-4931' class="member">ok_sys_names</tt></b></dt>
<dd>
Contains the names of the functions and variables in the <tt class="module"><a href="module-sys.html">sys</a></tt>
module which will be available to programs running in the restricted
environment. The value for <tt class="class">RExec</tt> is <code>('ps1', 'ps2',
'copyright', 'version', 'platform', 'exit', 'maxint')</code>.
</dl>
<P>
<dl><dt><b><tt id='l2h-4932' xml:id='l2h-4932' class="member">ok_file_types</tt></b></dt>
<dd>
Contains the file types from which modules are allowed to be loaded.
Each file type is an integer constant defined in the <tt class="module"><a href="module-imp.html">imp</a></tt> module.
The meaningful values are <tt class="constant">PY_SOURCE</tt>, <tt class="constant">PY_COMPILED</tt>, and
<tt class="constant">C_EXTENSION</tt>. The value for <tt class="class">RExec</tt> is <code>(C_EXTENSION,
PY_SOURCE)</code>. Adding <tt class="constant">PY_COMPILED</tt> in subclasses is not recommended;
an attacker could exit the restricted execution mode by putting a forged
byte-compiled file (<span class="file">.pyc</span>) anywhere in your file system, for example
by writing it to <span class="file">/tmp</span> or uploading it to the <span class="file">/incoming</span>
directory of your public FTP server.
</dl>
<P>
<DIV CLASS="navigation">
<div class='online-navigation'>
<p></p><hr />
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td class='online-navigation'><a rel="prev" title="17.1.1 RExec Objects"
href="rexec-objects.html"><img src='../icons/previous.png'
border='0' height='32' alt='Previous Page' width='32' /></A></td>
<td class='online-navigation'><a rel="parent" title="17.1 rexec "
href="module-rexec.html"><img src='../icons/up.png'
border='0' height='32' alt='Up One Level' width='32' /></A></td>
<td class='online-navigation'><a rel="next" title="17.1.3 An example"
href="node763.html"><img src='../icons/next.png'
border='0' height='32' alt='Next Page' width='32' /></A></td>
<td align="center" width="100%">Python Library Reference</td>
<td class='online-navigation'><a rel="contents" title="Table of Contents"
href="contents.html"><img src='../icons/contents.png'
border='0' height='32' alt='Contents' width='32' /></A></td>
<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
border='0' height='32' alt='Module Index' width='32' /></a></td>
<td class='online-navigation'><a rel="index" title="Index"
href="genindex.html"><img src='../icons/index.png'
border='0' height='32' alt='Index' width='32' /></A></td>
</tr></table>
<div class='online-navigation'>
<b class="navlabel">Previous:</b>
<a class="sectref" rel="prev" href="rexec-objects.html">17.1.1 RExec Objects</A>
<b class="navlabel">Up:</b>
<a class="sectref" rel="parent" href="module-rexec.html">17.1 rexec </A>
<b class="navlabel">Next:</b>
<a class="sectref" rel="next" href="node763.html">17.1.3 An example</A>
</div>
</div>
<hr />
<span class="release-info">Release 2.4.2, documentation updated on 28 September 2005.</span>
</DIV>
<!--End of Navigation Panel-->
<ADDRESS>
See <i><a href="about.html">About this document...</a></i> for information on suggesting changes.
</ADDRESS>
</BODY>
</HTML>
Full OpenSPARC architecture tarball including simulator, hypervisor, and OBP.