Commit | Line | Data |
---|---|---|
920dae64 AT |
1 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> |
2 | <html> | |
3 | <head> | |
4 | <link rel="STYLESHEET" href="lib.css" type='text/css' /> | |
5 | <link rel="SHORTCUT ICON" href="../icons/pyfav.png" type="image/png" /> | |
6 | <link rel='start' href='../index.html' title='Python Documentation Index' /> | |
7 | <link rel="first" href="lib.html" title='Python Library Reference' /> | |
8 | <link rel='contents' href='contents.html' title="Contents" /> | |
9 | <link rel='index' href='genindex.html' title='Index' /> | |
10 | <link rel='last' href='about.html' title='About this document...' /> | |
11 | <link rel='help' href='about.html' title='About this document...' /> | |
12 | <link rel="next" href="module-Bastion.html" /> | |
13 | <link rel="prev" href="restricted.html" /> | |
14 | <link rel="parent" href="restricted.html" /> | |
15 | <link rel="next" href="rexec-objects.html" /> | |
16 | <meta name='aesop' content='information' /> | |
17 | <title>17.1 rexec -- Restricted execution framework</title> | |
18 | </head> | |
19 | <body> | |
20 | <DIV CLASS="navigation"> | |
21 | <div id='top-navigation-panel' xml:id='top-navigation-panel'> | |
22 | <table align="center" width="100%" cellpadding="0" cellspacing="2"> | |
23 | <tr> | |
24 | <td class='online-navigation'><a rel="prev" title="17. Restricted Execution" | |
25 | href="restricted.html"><img src='../icons/previous.png' | |
26 | border='0' height='32' alt='Previous Page' width='32' /></A></td> | |
27 | <td class='online-navigation'><a rel="parent" title="17. Restricted Execution" | |
28 | href="restricted.html"><img src='../icons/up.png' | |
29 | border='0' height='32' alt='Up One Level' width='32' /></A></td> | |
30 | <td class='online-navigation'><a rel="next" title="17.1.1 RExec Objects" | |
31 | href="rexec-objects.html"><img src='../icons/next.png' | |
32 | border='0' height='32' alt='Next Page' width='32' /></A></td> | |
33 | <td align="center" width="100%">Python Library Reference</td> | |
34 | <td class='online-navigation'><a rel="contents" title="Table of Contents" | |
35 | href="contents.html"><img src='../icons/contents.png' | |
36 | border='0' height='32' alt='Contents' width='32' /></A></td> | |
37 | <td class='online-navigation'><a href="modindex.html" title="Module Index"><img src='../icons/modules.png' | |
38 | border='0' height='32' alt='Module Index' width='32' /></a></td> | |
39 | <td class='online-navigation'><a rel="index" title="Index" | |
40 | href="genindex.html"><img src='../icons/index.png' | |
41 | border='0' height='32' alt='Index' width='32' /></A></td> | |
42 | </tr></table> | |
43 | <div class='online-navigation'> | |
44 | <b class="navlabel">Previous:</b> | |
45 | <a class="sectref" rel="prev" href="restricted.html">17. Restricted Execution</A> | |
46 | <b class="navlabel">Up:</b> | |
47 | <a class="sectref" rel="parent" href="restricted.html">17. Restricted Execution</A> | |
48 | <b class="navlabel">Next:</b> | |
49 | <a class="sectref" rel="next" href="rexec-objects.html">17.1.1 RExec Objects</A> | |
50 | </div> | |
51 | <hr /></div> | |
52 | </DIV> | |
53 | <!--End of Navigation Panel--> | |
54 | ||
55 | <H1><A NAME="SECTION0019100000000000000000"> | |
56 | 17.1 <tt class="module">rexec</tt> -- | |
57 | Restricted execution framework</A> | |
58 | </H1> | |
59 | ||
60 | <P> | |
61 | <A NAME="module-rexec"></A> | |
62 | ||
63 | <span class="versionnote">Changed in version 2.3: | |
64 | Disabled module.</span> | |
65 | ||
66 | <P> | |
67 | <div class="warning"><b class="label">Warning:</b> | |
68 | ||
69 | The documentation has been left in place to help in reading old code | |
70 | that uses the module. | |
71 | </div> | |
72 | ||
73 | <P> | |
74 | This module contains the <tt class="class">RExec</tt> class, which supports | |
75 | <tt class="method">r_eval()</tt>, <tt class="method">r_execfile()</tt>, <tt class="method">r_exec()</tt>, and | |
76 | <tt class="method">r_import()</tt> methods, which are restricted versions of the standard | |
77 | Python functions <tt class="method">eval()</tt>, <tt class="method">execfile()</tt> and | |
78 | the <tt class="keyword">exec</tt> and <tt class="keyword">import</tt> statements. | |
79 | Code executed in this restricted environment will | |
80 | only have access to modules and functions that are deemed safe; you | |
81 | can subclass <tt class="class">RExec</tt> to add or remove capabilities as desired. | |
82 | ||
83 | <P> | |
84 | <div class="warning"><b class="label">Warning:</b> | |
85 | ||
86 | While the <tt class="module">rexec</tt> module is designed to perform as described | |
87 | below, it does have a few known vulnerabilities which could be | |
88 | exploited by carefully written code. Thus it should not be relied | |
89 | upon in situations requiring "production ready" security. In such | |
90 | situations, execution via sub-processes or very careful | |
91 | "cleansing" of both code and data to be processed may be | |
92 | necessary. Alternatively, help in patching known <tt class="module">rexec</tt> | |
93 | vulnerabilities would be welcomed. | |
94 | </div> | |
95 | ||
96 | <P> | |
97 | <div class="note"><b class="label">Note:</b> | |
98 | The <tt class="class">RExec</tt> class can prevent code from performing unsafe | |
99 | operations like reading or writing disk files, or using TCP/IP | |
100 | sockets. However, it does not protect against code using extremely | |
101 | large amounts of memory or processor time. | |
102 | </div> | |
103 | ||
104 | <P> | |
105 | <dl><dt><table cellpadding="0" cellspacing="0"><tr valign="baseline"> | |
106 | <td><nobr><b><span class="typelabel">class</span> <tt id='l2h-4913' xml:id='l2h-4913' class="class">RExec</tt></b>(</nobr></td> | |
107 | <td><var></var><big>[</big><var>hooks</var><big>[</big><var>, verbose</var><big>]</big><var></var><big>]</big><var></var>)</td></tr></table></dt> | |
108 | <dd> | |
109 | Returns an instance of the <tt class="class">RExec</tt> class. | |
110 | ||
111 | <P> | |
112 | <var>hooks</var> is an instance of the <tt class="class">RHooks</tt> class or a subclass of it. | |
113 | If it is omitted or <code>None</code>, the default <tt class="class">RHooks</tt> class is | |
114 | instantiated. | |
115 | Whenever the <tt class="module">rexec</tt> module searches for a module (even a | |
116 | built-in one) or reads a module's code, it doesn't actually go out to | |
117 | the file system itself. Rather, it calls methods of an <tt class="class">RHooks</tt> | |
118 | instance that was passed to or created by its constructor. (Actually, | |
119 | the <tt class="class">RExec</tt> object doesn't make these calls -- they are made by | |
120 | a module loader object that's part of the <tt class="class">RExec</tt> object. This | |
121 | allows another level of flexibility, which can be useful when changing | |
122 | the mechanics of <tt class="keyword">import</tt> within the restricted environment.) | |
123 | ||
124 | <P> | |
125 | By providing an alternate <tt class="class">RHooks</tt> object, we can control the | |
126 | file system accesses made to import a module, without changing the | |
127 | actual algorithm that controls the order in which those accesses are | |
128 | made. For instance, we could substitute an <tt class="class">RHooks</tt> object that | |
129 | passes all filesystem requests to a file server elsewhere, via some | |
130 | RPC mechanism such as ILU. Grail's applet loader uses this to support | |
131 | importing applets from a URL for a directory. | |
132 | ||
133 | <P> | |
134 | If <var>verbose</var> is true, additional debugging output may be sent to | |
135 | standard output. | |
136 | </dl> | |
137 | ||
138 | <P> | |
139 | It is important to be aware that code running in a restricted | |
140 | environment can still call the <tt class="function">sys.exit()</tt> function. To | |
141 | disallow restricted code from exiting the interpreter, always protect | |
142 | calls that cause restricted code to run with a | |
143 | <tt class="keyword">try</tt>/<tt class="keyword">except</tt> statement that catches the | |
144 | <tt class="exception">SystemExit</tt> exception. Removing the <tt class="function">sys.exit()</tt> | |
145 | function from the restricted environment is not sufficient -- the | |
146 | restricted code could still use <code>raise SystemExit</code>. Removing | |
147 | <tt class="exception">SystemExit</tt> is not a reasonable option; some library code | |
148 | makes use of this and would break were it not available. | |
149 | ||
150 | <P> | |
151 | <div class="seealso"> | |
152 | <p class="heading">See Also:</p> | |
153 | ||
154 | <dl compact="compact" class="seetitle"> | |
155 | <dt><em class="citetitle"><a href="http://grail.sourceforge.net/" | |
156 | >Grail Home Page</a></em></dt> | |
157 | <dd>Grail is a | |
158 | Web browser written entirely in Python. It uses the | |
159 | <tt class="module">rexec</tt> module as a foundation for supporting | |
160 | Python applets, and can be used as an example usage of | |
161 | this module.</dd> | |
162 | </dl> | |
163 | </div> | |
164 | ||
165 | <P> | |
166 | ||
167 | <p><br /></p><hr class='online-navigation' /> | |
168 | <div class='online-navigation'> | |
169 | <!--Table of Child-Links--> | |
170 | <A NAME="CHILD_LINKS"><STRONG>Subsections</STRONG></a> | |
171 | ||
172 | <UL CLASS="ChildLinks"> | |
173 | <LI><A href="rexec-objects.html">17.1.1 RExec Objects</a> | |
174 | <LI><A href="rexec-extension.html">17.1.2 Defining restricted environments</a> | |
175 | <LI><A href="node763.html">17.1.3 An example</a> | |
176 | </ul> | |
177 | <!--End of Table of Child-Links--> | |
178 | </div> | |
179 | ||
180 | <DIV CLASS="navigation"> | |
213 | <hr /> | |
214 | <span class="release-info">Release 2.4.2, documentation updated on 28 September 2005.</span> | |
215 | </DIV> | |
216 | <!--End of Navigation Panel--> | |
217 | <ADDRESS> | |
218 | See <i><a href="about.html">About this document...</a></i> for information on suggesting changes. | |
219 | </ADDRESS> | |
220 | </BODY> | |
221 | </HTML> |
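
An added example (not part of the original documentation or of the rexec module) illustrating the SystemExit paragraph of section 17.1 above, written for Python 3 with plain exec() because rexec no longer exists there. The trimmed builtins table, the snippet names and the run_guest helpers are constructed for this illustration; in Python 3 SystemExit derives from BaseException, so the naive variant shows that `except Exception` alone does not stop it.

```python
import builtins

# Constructed guest snippets (not from the page).
SNIPPETS = {
    "benign": "result = sum(range(5))",
    "call_exit": "exit(1)",
    "import_sys": "import sys\nsys.exit(2)",
    "raise_exit": "raise SystemExit(3)",
    "subclass": "class Quit(SystemExit): pass\nraise Quit('bye')",
}

def make_namespace():
    # Trimmed builtins: no exit()/quit() and no __import__, so sys.exit is
    # unreachable. This models "removing sys.exit"; it is not a sandbox.
    allowed = ("sum", "range", "SystemExit", "__build_class__")
    table = {name: getattr(builtins, name) for name in allowed}
    return {"__builtins__": table, "__name__": "guest"}

def run_guest(source):
    """Run guest code; report what happened instead of letting it end the host."""
    ns = make_namespace()
    try:
        exec(compile(source, "<guest>", "exec"), ns)
    except SystemExit as exc:          # also matches subclasses of SystemExit
        return ("exit-blocked", exc.code)
    except Exception as exc:
        return ("error", type(exc).__name__)
    return ("ok", ns.get("result"))

def run_guest_naive(source):
    """Same, but with only `except Exception`, which SystemExit bypasses."""
    try:
        exec(compile(source, "<guest>", "exec"), make_namespace())
    except Exception as exc:
        return ("error", type(exc).__name__)
    return ("ok", None)

def naive_lets_exit_through():
    try:
        run_guest_naive(SNIPPETS["raise_exit"])
    except SystemExit:
        return True
    return False

if __name__ == "__main__":
    for name, src in SNIPPETS.items():
        print(name, run_guest(src))
    print("naive handler bypassed:", naive_lets_exit_through())
```

The first two exit attempts fail because the names are gone, yet the last two still reach SystemExit, which only the explicit handler in run_guest contains.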