<!DOCTYPE html PUBLIC
"-//W3C//DTD HTML 4.0 Transitional//EN">
<link rel=
"STYLESHEET" href=
"lib.css" type='text/css'
/>
<link rel=
"SHORTCUT ICON" href=
"../icons/pyfav.png" type=
"image/png" />
<link rel='start' href='../index.html' title='Python Documentation Index'
/>
<link rel=
"first" href=
"lib.html" title='Python Library Reference'
/>
<link rel='contents' href='contents.html'
title=
"Contents" />
<link rel='index' href='genindex.html' title='Index'
/>
<link rel='last' href='about.html' title='About this document...'
/>
<link rel='help' href='about.html' title='About this document...'
/>
<link rel=
"next" href=
"module-Bastion.html" />
<link rel=
"prev" href=
"restricted.html" />
<link rel=
"parent" href=
"restricted.html" />
<link rel=
"next" href=
"rexec-objects.html" />
<meta name='aesop' content='information'
/>
<title>17.1 rexec -- Restricted execution framework
</title>
<div id='top-navigation-panel' xml:id='top-navigation-panel'
>
<table align=
"center" width=
"100%" cellpadding=
"0" cellspacing=
"2">
<td class='online-navigation'
><a rel=
"prev" title=
"17. Restricted Execution"
href=
"restricted.html"><img src='../icons/previous.png'
border='
0' height='
32' alt='Previous Page' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"parent" title=
"17. Restricted Execution"
href=
"restricted.html"><img src='../icons/up.png'
border='
0' height='
32' alt='Up One Level' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"next" title=
"17.1.1 RExec Objects"
href=
"rexec-objects.html"><img src='../icons/next.png'
border='
0' height='
32' alt='Next Page' width='
32'
/></A></td>
<td align=
"center" width=
"100%">Python Library Reference
</td>
<td class='online-navigation'
><a rel=
"contents" title=
"Table of Contents"
href=
"contents.html"><img src='../icons/contents.png'
border='
0' height='
32' alt='Contents' width='
32'
/></A></td>
<td class='online-navigation'
><a href=
"modindex.html" title=
"Module Index"><img src='../icons/modules.png'
border='
0' height='
32' alt='Module Index' width='
32'
/></a></td>
<td class='online-navigation'
><a rel=
"index" title=
"Index"
href=
"genindex.html"><img src='../icons/index.png'
border='
0' height='
32' alt='Index' width='
32'
/></A></td>
<div class='online-navigation'
>
<b class=
"navlabel">Previous:
</b>
<a class=
"sectref" rel=
"prev" href=
"restricted.html">17. Restricted Execution
</A>
<b class=
"navlabel">Up:
</b>
<a class=
"sectref" rel=
"parent" href=
"restricted.html">17. Restricted Execution
</A>
<b class=
"navlabel">Next:
</b>
<a class=
"sectref" rel=
"next" href=
"rexec-objects.html">17.1.1 RExec Objects
</A>
<!--End of Navigation Panel-->
<H1><A NAME=
"SECTION0019100000000000000000">
17.1 <tt class=
"module">rexec
</tt> --
Restricted execution framework
</A>
<A NAME=
"module-rexec"></A>
<span class=
"versionnote">Changed in version
2.3:
<div class=
"warning"><b class=
"label">Warning:
</b>
The documentation has been left in place to help in reading old code
This module contains the
<tt class=
"class">RExec
</tt> class, which supports
<tt class=
"method">r_eval()
</tt>,
<tt class=
"method">r_execfile()
</tt>,
<tt class=
"method">r_exec()
</tt>, and
<tt class=
"method">r_import()
</tt> methods, which are restricted versions of the standard
Python functions
<tt class=
"method">eval()
</tt>,
<tt class=
"method">execfile()
</tt> and
the
<tt class=
"keyword">exec
</tt> and
<tt class=
"keyword">import
</tt> statements.
Code executed in this restricted environment will
only have access to modules and functions that are deemed safe; you
can subclass
<tt class=
"class">RExec
</tt> to add or remove capabilities as desired.
<div class=
"warning"><b class=
"label">Warning:
</b>
While the
<tt class=
"module">rexec
</tt> module is designed to perform as described
below, it does have a few known vulnerabilities which could be
exploited by carefully written code. Thus it should not be relied
upon in situations requiring ``production ready'' security. In such
situations, execution via sub-processes or very careful
``cleansing'' of both code and data to be processed may be
necessary. Alternatively, help in patching known
<tt class=
"module">rexec
</tt>
vulnerabilities would be welcomed.
<div class=
"note"><b class=
"label">Note:
</b>
The
<tt class=
"class">RExec
</tt> class can prevent code from performing unsafe
operations like reading or writing disk files, or using TCP/IP
sockets. However, it does not protect against code using extremely
large amounts of memory or processor time.
<dl><dt><table cellpadding=
"0" cellspacing=
"0"><tr valign=
"baseline">
<td><nobr><b><span class=
"typelabel">class
</span> <tt id='l2h-
4913' xml:id='l2h-
4913'
class=
"class">RExec
</tt></b>(
</nobr></td>
<td><var></var><big>[
</big><var>hooks
</var><big>[
</big><var>, verbose
</var><big>]
</big><var></var><big>]
</big><var></var>)
</td></tr></table></dt>
Returns an instance of the
<tt class=
"class">RExec
</tt> class.
<var>hooks
</var> is an instance of the
<tt class=
"class">RHooks
</tt> class or a subclass of it.
If it is omitted or
<code>None
</code>, the default
<tt class=
"class">RHooks
</tt> class is
Whenever the
<tt class=
"module">rexec
</tt> module searches for a module (even a
built-in one) or reads a module's code, it doesn't actually go out to
the file system itself. Rather, it calls methods of an
<tt class=
"class">RHooks
</tt>
instance that was passed to or created by its constructor. (Actually,
the
<tt class=
"class">RExec
</tt> object doesn't make these calls -- they are made by
a module loader object that's part of the
<tt class=
"class">RExec
</tt> object. This
allows another level of flexibility, which can be useful when changing
the mechanics of
<tt class=
"keyword">import
</tt> within the restricted environment.)
By providing an alternate
<tt class=
"class">RHooks
</tt> object, we can control the
file system accesses made to import a module, without changing the
actual algorithm that controls the order in which those accesses are
made. For instance, we could substitute an
<tt class=
"class">RHooks
</tt> object that
passes all filesystem requests to a file server elsewhere, via some
RPC mechanism such as ILU. Grail's applet loader uses this to support
importing applets from a URL for a directory.
If
<var>verbose
</var> is true, additional debugging output may be sent to
It is important to be aware that code running in a restricted
environment can still call the
<tt class=
"function">sys.exit()
</tt> function. To
disallow restricted code from exiting the interpreter, always protect
calls that cause restricted code to run with a
<tt class=
"keyword">try
</tt>/
<tt class=
"keyword">except
</tt> statement that catches the
<tt class=
"exception">SystemExit
</tt> exception. Removing the
<tt class=
"function">sys.exit()
</tt>
function from the restricted environment is not sufficient -- the
restricted code could still use
<code>raise SystemExit
</code>. Removing
<tt class=
"exception">SystemExit
</tt> is not a reasonable option; some library code
makes use of this and would break were it not available.
<p class=
"heading">See Also:
</p>
<dl compact=
"compact" class=
"seetitle">
<dt><em class=
"citetitle"><a href=
"http://grail.sourceforge.net/"
>Grail Home Page
</a></em></dt>
Web browser written entirely in Python. It uses the
<tt class=
"module">rexec
</tt> module as a foundation for supporting
Python applets, and can be used as an example usage of
<p><br /></p><hr class='online-navigation'
/>
<div class='online-navigation'
>
<!--Table of Child-Links-->
<A NAME=
"CHILD_LINKS"><STRONG>Subsections
</STRONG></a>
<LI><A href=
"rexec-objects.html">17.1.1 RExec Objects
</a>
<LI><A href=
"rexec-extension.html">17.1.2 Defining restricted environments
</a>
<LI><A href=
"node763.html">17.1.3 An example
</a>
<!--End of Table of Child-Links-->
<div class='online-navigation'
>
<table align=
"center" width=
"100%" cellpadding=
"0" cellspacing=
"2">
<td class='online-navigation'
><a rel=
"prev" title=
"17. Restricted Execution"
href=
"restricted.html"><img src='../icons/previous.png'
border='
0' height='
32' alt='Previous Page' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"parent" title=
"17. Restricted Execution"
href=
"restricted.html"><img src='../icons/up.png'
border='
0' height='
32' alt='Up One Level' width='
32'
/></A></td>
<td class='online-navigation'
><a rel=
"next" title=
"17.1.1 RExec Objects"
href=
"rexec-objects.html"><img src='../icons/next.png'
border='
0' height='
32' alt='Next Page' width='
32'
/></A></td>
<td align=
"center" width=
"100%">Python Library Reference
</td>
<td class='online-navigation'
><a rel=
"contents" title=
"Table of Contents"
href=
"contents.html"><img src='../icons/contents.png'
border='
0' height='
32' alt='Contents' width='
32'
/></A></td>
<td class='online-navigation'
><a href=
"modindex.html" title=
"Module Index"><img src='../icons/modules.png'
border='
0' height='
32' alt='Module Index' width='
32'
/></a></td>
<td class='online-navigation'
><a rel=
"index" title=
"Index"
href=
"genindex.html"><img src='../icons/index.png'
border='
0' height='
32' alt='Index' width='
32'
/></A></td>
<div class='online-navigation'
>
<b class=
"navlabel">Previous:
</b>
<a class=
"sectref" rel=
"prev" href=
"restricted.html">17. Restricted Execution
</A>
<b class=
"navlabel">Up:
</b>
<a class=
"sectref" rel=
"parent" href=
"restricted.html">17. Restricted Execution
</A>
<b class=
"navlabel">Next:
</b>
<a class=
"sectref" rel=
"next" href=
"rexec-objects.html">17.1.1 RExec Objects
</A>
<span class=
"release-info">Release
2.4.2, documentation updated on
28 September
2005.
</span>
<!--End of Navigation Panel-->
See
<i><a href=
"about.html">About this document...
</a></i> for information on suggesting changes.