[OpenSPARC-T2-SAM] / sam-t2 / devtools / v8plus / html / python / lib / module-rexec.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<link rel="STYLESHEET" href="lib.css" type='text/css' />
<link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" />
<link rel='start' href='../index.html' title='Python Documentation Index' />
<link rel="first" href="lib.html" title='Python Library Reference' />
<link rel='contents' href='contents.html' title="Contents" />
<link rel='index' href='genindex.html' title='Index' />
<link rel='last' href='about.html' title='About this document...' />
<link rel='help' href='about.html' title='About this document...' />
<link rel="next" href="module-Bastion.html" />
<link rel="prev" href="restricted.html" />
<link rel="parent" href="restricted.html" />
<link rel="next" href="rexec-objects.html" />
<meta name='aesop' content='information' />
<title>17.1 rexec -- Restricted execution framework</title>
</head>
<body>
<DIV CLASS="navigation">
<div id='top-navigation-panel' xml:id='top-navigation-panel'>
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td class='online-navigation'><a rel="prev" title="17. Restricted Execution"
  href="restricted.html"><img src='../icons/previous.png'
  border='0' height='32'  alt='Previous Page' width='32' /></A></td>
<td class='online-navigation'><a rel="parent" title="17. Restricted Execution"
  href="restricted.html"><img src='../icons/up.png'
  border='0' height='32'  alt='Up One Level' width='32' /></A></td>
<td class='online-navigation'><a rel="next" title="17.1.1 RExec Objects"
  href="rexec-objects.html"><img src='../icons/next.png'
  border='0' height='32'  alt='Next Page' width='32' /></A></td>
<td align="center" width="100%">Python Library Reference</td>
<td class='online-navigation'><a rel="contents" title="Table of Contents"
  href="contents.html"><img src='../icons/contents.png'
  border='0' height='32'  alt='Contents' width='32' /></A></td>
<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
  border='0' height='32'  alt='Module Index' width='32' /></a></td>
<td class='online-navigation'><a rel="index" title="Index"
  href="genindex.html"><img src='../icons/index.png'
  border='0' height='32'  alt='Index' width='32' /></A></td>
</tr></table>
<div class='online-navigation'>
<b class="navlabel">Previous:</b>
<a class="sectref" rel="prev" href="restricted.html">17. Restricted Execution</A>
<b class="navlabel">Up:</b>
<a class="sectref" rel="parent" href="restricted.html">17. Restricted Execution</A>
<b class="navlabel">Next:</b>
<a class="sectref" rel="next" href="rexec-objects.html">17.1.1 RExec Objects</A>
</div>
<hr /></div>
</DIV>
<!--End of Navigation Panel-->

<H1><A NAME="SECTION0019100000000000000000">
17.1 <tt class="module">rexec</tt> --
         Restricted execution framework</A>
</H1>

<P>
<A NAME="module-rexec"></A>

<span class="versionnote">Changed in version 2.3:
Disabled module.</span>

<P>
<div class="warning"><b class="label">Warning:</b>

  The documentation has been left in place to help in reading old code
  that uses the module.
</div>

<P>
This module contains the <tt class="class">RExec</tt> class, which supports
<tt class="method">r_eval()</tt>, <tt class="method">r_execfile()</tt>, <tt class="method">r_exec()</tt>, and
<tt class="method">r_import()</tt> methods, which are restricted versions of the standard
Python functions <tt class="method">eval()</tt>, <tt class="method">execfile()</tt> and
the <tt class="keyword">exec</tt> and <tt class="keyword">import</tt> statements.
Code executed in this restricted environment will
only have access to modules and functions that are deemed safe; you
can subclass <tt class="class">RExec</tt> to add or remove capabilities as desired.

<P>
<div class="warning"><b class="label">Warning:</b>

  While the <tt class="module">rexec</tt> module is designed to perform as described
  below, it does have a few known vulnerabilities which could be
  exploited by carefully written code.  Thus it should not be relied
  upon in situations requiring ``production ready'' security.  In such
  situations, execution via sub-processes or very careful
  ``cleansing'' of both code and data to be processed may be
  necessary.  Alternatively, help in patching known <tt class="module">rexec</tt>
  vulnerabilities would be welcomed.
</div>

<P>
<div class="note"><b class="label">Note:</b>
The <tt class="class">RExec</tt> class can prevent code from performing unsafe
  operations like reading or writing disk files, or using TCP/IP
  sockets.  However, it does not protect against code using extremely
  large amounts of memory or processor time.
</div>

<P>
<dl><dt><table cellpadding="0" cellspacing="0"><tr valign="baseline">
  <td><nobr><b><span class="typelabel">class</span>&nbsp;<tt id='l2h-4913' xml:id='l2h-4913' class="class">RExec</tt></b>(</nobr></td>
  <td><var></var><big>[</big><var>hooks</var><big>[</big><var>, verbose</var><big>]</big><var></var><big>]</big><var></var>)</td></tr></table></dt>
<dd>
Returns an instance of the <tt class="class">RExec</tt> class.  

<P>
<var>hooks</var> is an instance of the <tt class="class">RHooks</tt> class or a subclass of it.
If it is omitted or <code>None</code>, the default <tt class="class">RHooks</tt> class is
instantiated.
Whenever the <tt class="module">rexec</tt> module searches for a module (even a
built-in one) or reads a module's code, it doesn't actually go out to
the file system itself.  Rather, it calls methods of an <tt class="class">RHooks</tt>
instance that was passed to or created by its constructor.  (Actually,
the <tt class="class">RExec</tt> object doesn't make these calls -- they are made by
a module loader object that's part of the <tt class="class">RExec</tt> object.  This
allows another level of flexibility, which can be useful when changing
the mechanics of <tt class="keyword">import</tt> within the restricted environment.)

<P>
By providing an alternate <tt class="class">RHooks</tt> object, we can control the
file system accesses made to import a module, without changing the
actual algorithm that controls the order in which those accesses are
made.  For instance, we could substitute an <tt class="class">RHooks</tt> object that
passes all filesystem requests to a file server elsewhere, via some
RPC mechanism such as ILU.  Grail's applet loader uses this to support
importing applets from a URL for a directory.

<P>
If <var>verbose</var> is true, additional debugging output may be sent to
standard output.
</dl>

<P>
It is important to be aware that code running in a restricted
environment can still call the <tt class="function">sys.exit()</tt> function.  To
disallow restricted code from exiting the interpreter, always protect
calls that cause restricted code to run with a
<tt class="keyword">try</tt>/<tt class="keyword">except</tt> statement that catches the
<tt class="exception">SystemExit</tt> exception.  Removing the <tt class="function">sys.exit()</tt>
function from the restricted environment is not sufficient -- the
restricted code could still use <code>raise SystemExit</code>.  Removing
<tt class="exception">SystemExit</tt> is not a reasonable option; some library code
makes use of this and would break were it not available.

<P>
<div class="seealso">
  <p class="heading">See Also:</p>

  <dl compact="compact" class="seetitle">
    <dt><em class="citetitle"><a href="http://grail.sourceforge.net/"
        >Grail Home Page</a></em></dt>
    <dd>Grail is a
            Web browser written entirely in Python.  It uses the
            <tt class="module">rexec</tt> module as a foundation for supporting
            Python applets, and can be used as an example usage of
            this module.</dd>
  </dl>
</div>

<P>

<p><br /></p><hr class='online-navigation' />
<div class='online-navigation'>
<!--Table of Child-Links-->
<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></a>

<UL CLASS="ChildLinks">
<LI><A href="rexec-objects.html">17.1.1 RExec Objects</a>
<LI><A href="rexec-extension.html">17.1.2 Defining restricted environments</a>
<LI><A href="node763.html">17.1.3 An example</a>
</ul>
<!--End of Table of Child-Links-->
</div>

<DIV CLASS="navigation">
<div class='online-navigation'>
<p></p><hr />
<table align="center" width="100%" cellpadding="0" cellspacing="2">
<tr>
<td class='online-navigation'><a rel="prev" title="17. Restricted Execution"
  href="restricted.html"><img src='../icons/previous.png'
  border='0' height='32'  alt='Previous Page' width='32' /></A></td>
<td class='online-navigation'><a rel="parent" title="17. Restricted Execution"
  href="restricted.html"><img src='../icons/up.png'
  border='0' height='32'  alt='Up One Level' width='32' /></A></td>
<td class='online-navigation'><a rel="next" title="17.1.1 RExec Objects"
  href="rexec-objects.html"><img src='../icons/next.png'
  border='0' height='32'  alt='Next Page' width='32' /></A></td>
<td align="center" width="100%">Python Library Reference</td>
<td class='online-navigation'><a rel="contents" title="Table of Contents"
  href="contents.html"><img src='../icons/contents.png'
  border='0' height='32'  alt='Contents' width='32' /></A></td>
<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
  border='0' height='32'  alt='Module Index' width='32' /></a></td>
<td class='online-navigation'><a rel="index" title="Index"
  href="genindex.html"><img src='../icons/index.png'
  border='0' height='32'  alt='Index' width='32' /></A></td>
</tr></table>
<div class='online-navigation'>
<b class="navlabel">Previous:</b>
<a class="sectref" rel="prev" href="restricted.html">17. Restricted Execution</A>
<b class="navlabel">Up:</b>
<a class="sectref" rel="parent" href="restricted.html">17. Restricted Execution</A>
<b class="navlabel">Next:</b>
<a class="sectref" rel="next" href="rexec-objects.html">17.1.1 RExec Objects</A>
</div>
</div>
<hr />
<span class="release-info">Release 2.4.2, documentation updated on 28 September 2005.</span>
</DIV>
<!--End of Navigation Panel-->
<ADDRESS>
See <i><a href="about.html">About this document...</a></i> for information on suggesting changes.
</ADDRESS>
</BODY>
</HTML>
Commit	Line	Data
920dae64 AT	1	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
	2	<html>
	3	<head>
	4	<link rel="STYLESHEET" href="lib.css" type='text/css' />
	5	<link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" />
	6	<link rel='start' href='../index.html' title='Python Documentation Index' />
	7	<link rel="first" href="lib.html" title='Python Library Reference' />
	8	<link rel='contents' href='contents.html' title="Contents" />
	9	<link rel='index' href='genindex.html' title='Index' />
	10	<link rel='last' href='about.html' title='About this document...' />
	11	<link rel='help' href='about.html' title='About this document...' />
	12	<link rel="next" href="module-Bastion.html" />
	13	<link rel="prev" href="restricted.html" />
	14	<link rel="parent" href="restricted.html" />
	15	<link rel="next" href="rexec-objects.html" />
	16	<meta name='aesop' content='information' />
	17	<title>17.1 rexec -- Restricted execution framework</title>
	18	</head>
	19	<body>
	20	<DIV CLASS="navigation">
	21	<div id='top-navigation-panel' xml:id='top-navigation-panel'>
	22	<table align="center" width="100%" cellpadding="0" cellspacing="2">
	23	<tr>
	24	<td class='online-navigation'><a rel="prev" title="17. Restricted Execution"
	25	href="restricted.html"><img src='../icons/previous.png'
	26	border='0' height='32' alt='Previous Page' width='32' /></A></td>
	27	<td class='online-navigation'><a rel="parent" title="17. Restricted Execution"
	28	href="restricted.html"><img src='../icons/up.png'
	29	border='0' height='32' alt='Up One Level' width='32' /></A></td>
	30	<td class='online-navigation'><a rel="next" title="17.1.1 RExec Objects"
	31	href="rexec-objects.html"><img src='../icons/next.png'
	32	border='0' height='32' alt='Next Page' width='32' /></A></td>
	33	<td align="center" width="100%">Python Library Reference</td>
	34	<td class='online-navigation'><a rel="contents" title="Table of Contents"
	35	href="contents.html"><img src='../icons/contents.png'
	36	border='0' height='32' alt='Contents' width='32' /></A></td>
	37	<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
	38	border='0' height='32' alt='Module Index' width='32' /></a></td>
	39	<td class='online-navigation'><a rel="index" title="Index"
	40	href="genindex.html"><img src='../icons/index.png'
	41	border='0' height='32' alt='Index' width='32' /></A></td>
	42	</tr></table>
	43	<div class='online-navigation'>
	44	<b class="navlabel">Previous:</b>
	45	<a class="sectref" rel="prev" href="restricted.html">17. Restricted Execution</A>
	46	<b class="navlabel">Up:</b>
	47	<a class="sectref" rel="parent" href="restricted.html">17. Restricted Execution</A>
	48	<b class="navlabel">Next:</b>
	49	<a class="sectref" rel="next" href="rexec-objects.html">17.1.1 RExec Objects</A>
	50	</div>
	51	<hr /></div>
	52	</DIV>
	53	<!--End of Navigation Panel-->
	54
	55	<H1><A NAME="SECTION0019100000000000000000">
	56	17.1 <tt class="module">rexec</tt> --
	57	Restricted execution framework</A>
	58	</H1>
	59
	60	<P>
	61	<A NAME="module-rexec"></A>
	62
	63	<span class="versionnote">Changed in version 2.3:
	64	Disabled module.</span>
65
66	<P>
67	<div class="warning"><b class="label">Warning:</b>
68
69	The documentation has been left in place to help in reading old code
70	that uses the module.
71	</div>
72
73	<P>
74	This module contains the <tt class="class">RExec</tt> class, which supports
75	<tt class="method">r_eval()</tt>, <tt class="method">r_execfile()</tt>, <tt class="method">r_exec()</tt>, and
76	<tt class="method">r_import()</tt> methods, which are restricted versions of the standard
77	Python functions <tt class="method">eval()</tt>, <tt class="method">execfile()</tt> and
78	the <tt class="keyword">exec</tt> and <tt class="keyword">import</tt> statements.
79	Code executed in this restricted environment will
80	only have access to modules and functions that are deemed safe; you
81	can subclass <tt class="class">RExec</tt> to add or remove capabilities as desired.
82
83	<P>
84	<div class="warning"><b class="label">Warning:</b>
85
86	While the <tt class="module">rexec</tt> module is designed to perform as described
87	below, it does have a few known vulnerabilities which could be
88	exploited by carefully written code. Thus it should not be relied
89	upon in situations requiring ``production ready'' security. In such
90	situations, execution via sub-processes or very careful
91	``cleansing'' of both code and data to be processed may be
92	necessary. Alternatively, help in patching known <tt class="module">rexec</tt>
93	vulnerabilities would be welcomed.
94	</div>
95
96	<P>
97	<div class="note"><b class="label">Note:</b>
98	The <tt class="class">RExec</tt> class can prevent code from performing unsafe
99	operations like reading or writing disk files, or using TCP/IP
100	sockets. However, it does not protect against code using extremely
101	large amounts of memory or processor time.
102	</div>
103
104	<P>
105	<dl><dt><table cellpadding="0" cellspacing="0"><tr valign="baseline">
106	<td><nobr><b><span class="typelabel">class</span> <tt id='l2h-4913' xml:id='l2h-4913' class="class">RExec</tt></b>(</nobr></td>
107	<td><var></var><big>[</big><var>hooks</var><big>[</big><var>, verbose</var><big>]</big><var></var><big>]</big><var></var>)</td></tr></table></dt>
108	<dd>
109	Returns an instance of the <tt class="class">RExec</tt> class.
110
111	<P>
112	<var>hooks</var> is an instance of the <tt class="class">RHooks</tt> class or a subclass of it.
113	If it is omitted or <code>None</code>, the default <tt class="class">RHooks</tt> class is
114	instantiated.
115	Whenever the <tt class="module">rexec</tt> module searches for a module (even a
116	built-in one) or reads a module's code, it doesn't actually go out to
117	the file system itself. Rather, it calls methods of an <tt class="class">RHooks</tt>
118	instance that was passed to or created by its constructor. (Actually,
119	the <tt class="class">RExec</tt> object doesn't make these calls -- they are made by
120	a module loader object that's part of the <tt class="class">RExec</tt> object. This
121	allows another level of flexibility, which can be useful when changing
122	the mechanics of <tt class="keyword">import</tt> within the restricted environment.)
123
124	<P>
125	By providing an alternate <tt class="class">RHooks</tt> object, we can control the
126	file system accesses made to import a module, without changing the
127	actual algorithm that controls the order in which those accesses are
128	made. For instance, we could substitute an <tt class="class">RHooks</tt> object that
129	passes all filesystem requests to a file server elsewhere, via some
130	RPC mechanism such as ILU. Grail's applet loader uses this to support
131	importing applets from a URL for a directory.
132
133	<P>
134	If <var>verbose</var> is true, additional debugging output may be sent to
135	standard output.
136	</dl>
137
138	<P>
139	It is important to be aware that code running in a restricted
140	environment can still call the <tt class="function">sys.exit()</tt> function. To
141	disallow restricted code from exiting the interpreter, always protect
142	calls that cause restricted code to run with a
143	<tt class="keyword">try</tt>/<tt class="keyword">except</tt> statement that catches the
144	<tt class="exception">SystemExit</tt> exception. Removing the <tt class="function">sys.exit()</tt>
145	function from the restricted environment is not sufficient -- the
146	restricted code could still use <code>raise SystemExit</code>. Removing
147	<tt class="exception">SystemExit</tt> is not a reasonable option; some library code
148	makes use of this and would break were it not available.
149
150	<P>
151	<div class="seealso">
152	<p class="heading">See Also:</p>
153
154	<dl compact="compact" class="seetitle">
155	<dt><em class="citetitle"><a href="http://grail.sourceforge.net/"
156	>Grail Home Page</a></em></dt>
157	<dd>Grail is a
158	Web browser written entirely in Python. It uses the
159	<tt class="module">rexec</tt> module as a foundation for supporting
160	Python applets, and can be used as an example usage of
161	this module.</dd>
162	</dl>
163	</div>
164
165	<P>
166
167	<p><br /></p><hr class='online-navigation' />
168	<div class='online-navigation'>
169	<!--Table of Child-Links-->
170	<A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></a>
171
172	<UL CLASS="ChildLinks">
173	<LI><A href="rexec-objects.html">17.1.1 RExec Objects</a>
174	<LI><A href="rexec-extension.html">17.1.2 Defining restricted environments</a>
175	<LI><A href="node763.html">17.1.3 An example</a>
176	</ul>
177	<!--End of Table of Child-Links-->
178	</div>
179
180	<DIV CLASS="navigation">
181	<div class='online-navigation'>
182	<p></p><hr />
183	<table align="center" width="100%" cellpadding="0" cellspacing="2">
184	<tr>
185	<td class='online-navigation'><a rel="prev" title="17. Restricted Execution"
186	href="restricted.html"><img src='../icons/previous.png'
187	border='0' height='32' alt='Previous Page' width='32' /></A></td>
188	<td class='online-navigation'><a rel="parent" title="17. Restricted Execution"
189	href="restricted.html"><img src='../icons/up.png'
190	border='0' height='32' alt='Up One Level' width='32' /></A></td>
191	<td class='online-navigation'><a rel="next" title="17.1.1 RExec Objects"
192	href="rexec-objects.html"><img src='../icons/next.png'
193	border='0' height='32' alt='Next Page' width='32' /></A></td>
194	<td align="center" width="100%">Python Library Reference</td>
195	<td class='online-navigation'><a rel="contents" title="Table of Contents"
196	href="contents.html"><img src='../icons/contents.png'
197	border='0' height='32' alt='Contents' width='32' /></A></td>
198	<td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png'
199	border='0' height='32' alt='Module Index' width='32' /></a></td>
200	<td class='online-navigation'><a rel="index" title="Index"
201	href="genindex.html"><img src='../icons/index.png'
202	border='0' height='32' alt='Index' width='32' /></A></td>
203	</tr></table>
204	<div class='online-navigation'>
205	<b class="navlabel">Previous:</b>
206	<a class="sectref" rel="prev" href="restricted.html">17. Restricted Execution</A>
207	<b class="navlabel">Up:</b>
208	<a class="sectref" rel="parent" href="restricted.html">17. Restricted Execution</A>
209	<b class="navlabel">Next:</b>
210	<a class="sectref" rel="next" href="rexec-objects.html">17.1.1 RExec Objects</A>
211	</div>
212	</div>
213	<hr />
214	<span class="release-info">Release 2.4.2, documentation updated on 28 September 2005.</span>
215	</DIV>
216	<!--End of Navigation Panel-->
217	<ADDRESS>
218	See <i><a href="about.html">About this document...</a></i> for information on suggesting changes.
219	</ADDRESS>
220	</BODY>
221	</HTML>