Gustavo Niemeyer wrote:
> This weekend I'm going to work on a "restricted" python interpreter for
> http://acm.uva.es/problemset/. That site offers online programming
> contests, including an online judge to check algorithm implementations
> for hundreds of problems. I belive it'd be nice for the Python community
> to have access to something like that.
>
> This interpreter should have limited functionality so that malicious users
> won't be able to access the filesystem, sockets, and other "dangerous"
> functionality.
If i were to seriously do something like this i'd try to use 'jails'
as found in free-bsd or similar in UserModeLinux (haven't really
checked the lattter). They offer kernel-level sandboxes
and if your execution runs within them it can't compromise the
system even if its manages to become the root user.
there is a fine introductory read regarding security granularity and
about jails:
http://docs.freebsd.org/44doc/papers/jail/jail.html
have fun,
holger
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4