<!DOCTYPE html PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN">
<link rel=
"STYLESHEET" href=
"lib.css" type='text/css'
/>
<link rel=
"SHORTCUT ICON" href=
"../icons/pyfav.png" type=
"image/png" />
<link rel='start' href='../index.html' title='Python Documentation Index'
/>
<link rel=
"first" href=
"lib.html" title='Python Library Reference'
/>
<link rel='contents' href='contents.html'
title=
"Contents" />
<link rel='index' href='genindex.html' title='Index'
/>
<link rel='last' href='about.html' title='About this document...'
/>
<link rel='help' href='about.html' title='About this document...'
/>
<link rel=
"next" href=
"node763.html" />
<link rel=
"prev" href=
"rexec-objects.html" />
<link rel=
"parent" href=
"module-rexec.html" />
<link rel=
"next" href=
"node763.html" />
<meta name='aesop' content='information'
/>
<title>17.1.2 Defining restricted environments
</title>
<div id='top-navigation-panel' xml:id='top-navigation-panel'
>
<table align=
"center" width=
"100%" cellpadding=
"0" cellspacing=
"2">
<td class='online-navigation'
><a rel=
"prev" title=
"17.1.1 RExec Objects"
href=
"rexec-objects.html"><img src='../icons/previous.png'
border='
0' height='
32' alt='Previous Page' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"parent" title=
"17.1 rexec "
href=
"module-rexec.html"><img src='../icons/up.png'
border='
0' height='
32' alt='Up One Level' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"next" title=
"17.1.3 An example"
href=
"node763.html"><img src='../icons/next.png'
border='
0' height='
32' alt='Next Page' width='
32'
/></A></td>
<td align=
"center" width=
"100%">Python Library Reference
</td>
<td class='online-navigation'
><a rel=
"contents" title=
"Table of Contents"
href=
"contents.html"><img src='../icons/contents.png'
border='
0' height='
32' alt='Contents' width='
32'
/></A></td>
<td class='online-navigation'
><a href=
"modindex.html" title=
"Module Index"><img src='../icons/modules.png'
border='
0' height='
32' alt='Module Index' width='
32'
/></a></td>
<td class='online-navigation'
><a rel=
"index" title=
"Index"
href=
"genindex.html"><img src='../icons/index.png'
border='
0' height='
32' alt='Index' width='
32'
/></A></td>
<div class='online-navigation'
>
<b class=
"navlabel">Previous:
</b>
<a class=
"sectref" rel=
"prev" href=
"rexec-objects.html">17.1.1 RExec Objects
</A>
<b class=
"navlabel">Up:
</b>
<a class=
"sectref" rel=
"parent" href=
"module-rexec.html">17.1 rexec
</A>
<b class=
"navlabel">Next:
</b>
<a class=
"sectref" rel=
"next" href=
"node763.html">17.1.3 An example
</A>
<!--End of Navigation Panel-->
<H2><A NAME=
"SECTION0019120000000000000000"></A><A NAME=
"rexec-extension"></A>
17.1.2 Defining restricted environments
The
<tt class=
"class">RExec
</tt> class has the following class attributes, which are
used by the
<tt class=
"method">__init__()
</tt> method. Changing them on an existing
instance won't have any effect; instead, create a subclass of
<tt class=
"class">RExec
</tt> and assign them new values in the class definition.
Instances of the new class will then use those new values. All these
attributes are tuples of strings.
<dl><dt><b><tt id='l2h-
4927' xml:id='l2h-
4927'
class=
"member">nok_builtin_names
</tt></b></dt>
Contains the names of built-in functions which will
<em>not
</em> be
available to programs running in the restricted environment. The
value for
<tt class=
"class">RExec
</tt> is
<code>('open', 'reload', '__import__')
</code>.
(This gives the exceptions, because by far the majority of built-in
functions are harmless. A subclass that wants to override this
variable should probably start with the value from the base class and
concatenate additional forbidden functions -- when new dangerous
built-in functions are added to Python, they will also be added to
<dl><dt><b><tt id='l2h-
4928' xml:id='l2h-
4928'
class=
"member">ok_builtin_modules
</tt></b></dt>
Contains the names of built-in modules which can be safely imported.
The value for
<tt class=
"class">RExec
</tt> is
<code>('audioop', 'array', 'binascii',
'cmath', 'errno', 'imageop', 'marshal', 'math', 'md5', 'operator',
'parser', 'regex', 'select', 'sha', '_sre', 'strop',
'struct', 'time')
</code>. A similar remark about overriding this variable
applies -- use the value from the base class as a starting point.
<dl><dt><b><tt id='l2h-
4929' xml:id='l2h-
4929'
class=
"member">ok_path
</tt></b></dt>
Contains the directories which will be searched when an
<tt class=
"keyword">import
</tt>
is performed in the restricted environment.
The value for
<tt class=
"class">RExec
</tt> is the same as
<code>sys.path
</code> (at the time
the module is loaded) for unrestricted code.
<dl><dt><b><tt id='l2h-
4930' xml:id='l2h-
4930'
class=
"member">ok_posix_names
</tt></b></dt>
Contains the names of the functions in the
<tt class=
"module"><a href=
"module-os.html">os
</a></tt> module which will be
available to programs running in the restricted environment. The
value for
<tt class=
"class">RExec
</tt> is
<code>('error', 'fstat', 'listdir',
'lstat', 'readlink', 'stat', 'times', 'uname', 'getpid', 'getppid',
'getcwd', 'getuid', 'getgid', 'geteuid', 'getegid')
</code>.
<dl><dt><b><tt id='l2h-
4931' xml:id='l2h-
4931'
class=
"member">ok_sys_names
</tt></b></dt>
Contains the names of the functions and variables in the
<tt class=
"module"><a href=
"module-sys.html">sys
</a></tt>
module which will be available to programs running in the restricted
environment. The value for
<tt class=
"class">RExec
</tt> is
<code>('ps1', 'ps2',
'copyright', 'version', 'platform', 'exit', 'maxint')
</code>.
<dl><dt><b><tt id='l2h-
4932' xml:id='l2h-
4932'
class=
"member">ok_file_types
</tt></b></dt>
Contains the file types from which modules are allowed to be loaded.
Each file type is an integer constant defined in the
<tt class=
"module"><a href=
"module-imp.html">imp
</a></tt> module.
The meaningful values are
<tt class=
"constant">PY_SOURCE
</tt>,
<tt class=
"constant">PY_COMPILED
</tt>, and
<tt class=
"constant">C_EXTENSION
</tt>. The value for
<tt class=
"class">RExec
</tt> is
<code>(C_EXTENSION,
PY_SOURCE)
</code>. Adding
<tt class=
"constant">PY_COMPILED
</tt> in subclasses is not recommended;
an attacker could exit the restricted execution mode by putting a forged
byte-compiled file (
<span class=
"file">.pyc
</span>) anywhere in your file system, for example
by writing it to
<span class=
"file">/tmp
</span> or uploading it to the
<span class=
"file">/incoming
</span>
directory of your public FTP server.
<div class='online-navigation'
>
<table align=
"center" width=
"100%" cellpadding=
"0" cellspacing=
"2">
<td class='online-navigation'
><a rel=
"prev" title=
"17.1.1 RExec Objects"
href=
"rexec-objects.html"><img src='../icons/previous.png'
border='
0' height='
32' alt='Previous Page' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"parent" title=
"17.1 rexec "
href=
"module-rexec.html"><img src='../icons/up.png'
border='
0' height='
32' alt='Up One Level' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"next" title=
"17.1.3 An example"
href=
"node763.html"><img src='../icons/next.png'
border='
0' height='
32' alt='Next Page' width='
32'
/></A></td>
<td align=
"center" width=
"100%">Python Library Reference
</td>
<td class='online-navigation'
><a rel=
"contents" title=
"Table of Contents"
href=
"contents.html"><img src='../icons/contents.png'
border='
0' height='
32' alt='Contents' width='
32'
/></A></td>
<td class='online-navigation'
><a href=
"modindex.html" title=
"Module Index"><img src='../icons/modules.png'
border='
0' height='
32' alt='Module Index' width='
32'
/></a></td>
<td class='online-navigation'
><a rel=
"index" title=
"Index"
href=
"genindex.html"><img src='../icons/index.png'
border='
0' height='
32' alt='Index' width='
32'
/></A></td>
<div class='online-navigation'
>
<b class=
"navlabel">Previous:
</b>
<a class=
"sectref" rel=
"prev" href=
"rexec-objects.html">17.1.1 RExec Objects
</A>
<b class=
"navlabel">Up:
</b>
<a class=
"sectref" rel=
"parent" href=
"module-rexec.html">17.1 rexec
</A>
<b class=
"navlabel">Next:
</b>
<a class=
"sectref" rel=
"next" href=
"node763.html">17.1.3 An example
</A>
<span class=
"release-info">Release
2.4.2, documentation updated on
28 September
2005.
</span>
<!--End of Navigation Panel-->
See
<i><a href=
"about.html">About this document...
</a></i> for information on suggesting changes.