Is there an alternative to rexec for Python sandboxing?

Question

Implementing a 'sandbox' environment in Python used to be done with the rexec module (http://docs.python.org/library/rexec.html). Unfortunately, it has been deprecated/removed due to some security vulnerabilities. Is there an alternative?

My goal is to have Python code execute semi-trusted Python scripts. In a perfect world, calls to any functions outside of a pre-defined set would raise exceptions. From what I've read about rexec's deprecation, this may not be possible. So I'll settle for as much as I can get. I can spawn a separate process to run the scripts, which helps a lot. But they could still abuse I/O or processor/memory resources.

Answer 1

You might want to provide your own __import__ to prevent inclusion of any modules you deem "abuse I/O or processor/memory resources."

You might want to start with pypy and create your own interpreter with limitations and constraints on resource use.

Answer 2

in cpython "sandboxing" for security reasons is a: "don't do that at your company kids"-thing.

try :

• jython with java "sandboxing"
• pypy -> see Answer S.Lott
• maybe ironpython has a solution ?

see Warning:

Warning

In Python 2.3 these modules have been disabled due to various known and not readily fixable security holes. The modules are still documented here to help in reading old code that uses the rexec and Bastion modules.

Answer 3

Your best bet for security in cPython is using OS-level sandboxing mechanisms and running untrusted code in a separate process constrained by the OS.

This is equivalent to using 'jython with java "sandboxing"', as per the answer above, but probably a little more difficult to configure.