Safe Python Environment in Linux

Question

Is it possible to create an environment to safely run arbitrary Python scripts under Linux? Those scripts are supposed to be received from untrusted people and may be too large to check them manually.

A very brute-force solution is to create a virtual machine and restore its initial state after every launch of an untrusted script. (Too expensive.)

I wonder if it's possible to restrict Python from accessing the file system and interacting with other programs and so on.

Similar Qs on sandboxing/jailing processes in Linux or Unix: * unix.stackexchange.com/q/6433/4319 * stackoverflow.com/q/3859710/94687 * stackoverflow.com/q/4410447/94687 * stackoverflow.com/q/4249063/94687 * stackoverflow.com/q/1019707/94687 — imz -- Ivan Zakharyaschev
– imz -- Ivan Zakharyaschev, Commented Mar 13, 2011 at 13:46

SpliFF · Accepted Answer · 2009-05-20 09:25:34Z

4

Consider using a chroot jail. Not only is this very secure, well-supported and tested but it also applies to external applications you run from python.

edited May 20, 2009 at 9:25

answered May 20, 2009 at 9:05

SpliFF

39.1k16 gold badges95 silver badges122 bronze badges

Sign up to request clarification or add additional context in comments.

Comments

Edd Barrett · Accepted Answer · 2009-05-20 09:48:15Z

4

There are 4 things you may try:

As you already mentioned, using a virtual machine or some other form of virtualisation (perhaps solaris zones are lightweight enough?). If the script breaks the OS there then you don't care.
Using chroot, which puts a shell session into a virtual root directory, separate from the main OS root directory.
Using systrace. Think of this as a firewall for system calls.
Using a "jail", which builds upon systrace, giving each jail it's own process table etc.

Systrace has been compromised recently, so be aware of that.

answered May 20, 2009 at 9:48

Edd Barrett

3,6853 gold badges34 silver badges54 bronze badges

Comments

Guillaume · Accepted Answer · 2009-05-20 09:44:35Z

2

You could run jython and use the sandboxing mechanism from the JVM. The sandboxing in the JVM is very strong very well understood and more or less well documented. It will take some time to define exactly what you want to allow and what you dnt want to allow, but you should be able to get a very strong security from that ...

On the other side, jython is not 100% compatible with cPython ...

answered May 20, 2009 at 9:44

Guillaume

19k8 gold badges56 silver badges76 bronze badges

Comments

Michael Kuhn · Accepted Answer · 2009-05-20 08:54:45Z

1

Try searching for "sandboxing python", e.g.:

http://wiki.python.org/moin/SandboxedPython

http://wiki.python.org/moin/How%20can%20I%20run%20an%20untrusted%20Python%20script%20safely%20(i.e.%20Sandbox)

answered May 20, 2009 at 8:54

Michael Kuhn

9,1326 gold badges29 silver badges27 bronze badges

Comments

theheadofabroom · Accepted Answer · 2011-03-13 14:18:06Z

1

could you not just run as a user which has no access to anything but the scripts in that directory?

answered Mar 13, 2011 at 14:18

theheadofabroom

22.5k5 gold badges35 silver badges65 bronze badges

Collectives™ on Stack Overflow

Safe Python Environment in Linux

5 Answers 5

Comments

Comments

Comments

Comments

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

Comments

Comments

Comments

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related