Secure Python intepreter?

Is there a secure Python intepreter?

Imagine a Python VM you can run on your machine, that restricts the operations. No files can be 开发者_运维技巧opened, no system calls, etc. It just transforms stdin to stdout, maybe with text processing + math etc.

Does such a secure Python VM exist?

I know of no such "secure interpreter" that is openly distributed (obviously Google has one that it uses in App Engine, though with somewhat different restrictions from those you desire, e.g., certain files can be opened, in a read-only way). There are some claims for it, though, e.g. here, though I can't verify them. Pypy's Python in a Sandbox is probably the top one worth trying, given the high quality and reputation of pypy's development team (they're VERY unlikely to make unsubstantiated claims).

You could run Jython on the JVM with a SecurityManager that allows you to specify permitted / disallowed operations.

You don't need a modified Python to restrict execution in a certain sense. Just look at codepad.org, a pastebin where you can paste code (in Python and other languages) and have it run and the output shown. The code runs in a very restricted environment, but that's just the OS configuration. (Example paste)

You could run IronPython inside a .NET appdomain that has restricted privileges.

This would definitely work in Windows, and possibly/probably in Mono (I couldn't really say).

You would need to write a little program that embeds the IronPython interpreter and passes the script to it.

The first example in the chapter on embedding in the book Iron Python in Action shows to write such a launcher.

I don't recall if it covers appdomains, but that info should be on the Web somewhere.

I am an undergrad and in my first year, we were taught python. We had these things called "CodeLabs" that had to be submitted periodically. It works by asking a question and asking the student to input their answer into a text box and running that code on some test cases and checking their return values

One day, the codelabs website (turingscraft.com) became inaccessible because someone decided to run an endless while loop and calling os.fork() inside it.

This was obviously a problem for the administrators of turingscraft.com. However, they later found a way to restrict access to such commands for students.

If I were you, I would look up information about their site. Maybe they posted some information about this and how to fix it

You could always go to the source code and make your own flavor of Python. If enough people need it, it will be no time before it's up and running.

I've been toying with this lately. My requirements include Python 3.x which immediately takes solutions like Jython and IronPython off the table. I'd be hesitant to take that route anyway, as I've never trusted user-mode language VMs.

That being the case, for my purposes the best solution so far is to take it out of the hands of the interpreter completely and run in a strongly locked-down container (OpenVZ or similar). However, this is taking a hammer to the problem (albeit not the sledgehammer of full virtualization), and may not be viable if you have to run a truly huge number of isolated interpreters.

One upside, though, is that because it doesn't rely on the security of any particular interpreter, you can use any arbitrary language you want in the environment -- you don't have to tie yourself to Python or the set of languages/implementations available for JVM or .NET/Mono.

Isn't security more a job for the operating system ?

I mean, create a user with restricted access to files and such. Then let the vm be ran only with these rights.

Or maybe I'm speaking nonsense. I'm no sysadmin or security expert, but I tend to do things with the tools that are made for it.