Running insecure python code

Collapse
This topic is closed.
X
X
 
  • Time
  • Show
Clear All
new posts
  • Noen

    Running insecure python code

    Im developing a game where the players will program their equipment with
    python. Are there any ways to run insecure code? I dont want the clients
    to mess with the server-code through their own code, or even DOS the box
    by using up too much memory.

    Here is some examples of how the equipment should be programmed:
    ---
    # Proxmity explosive example

    import cpu

    explosive = cpu.connection( 0x01,"explosive ")
    motion_detector = cpu.connection( 0x02,"explosive ")
    class Main:
    def event_Motion(se lf):
    explosive.trigg er(delay=0)

    cpu.reg_event(m otion_detector. event_Motion, self.event_Moti on)
    cpu.start()

    ---
    # Broadcast chat equipment

    import cpu
    import io

    terminal = cpu.connection( 0x01,"User personal terminal connection")
    radio = cpu.connection( 0x02,"Radio tranceiver")
    mem = cpu.connection( 0x03,"Memory chip")
    if mem.get("FREQ") == None: freq = 12345 ; mem.store("FREQ ",12345)

    class Main:
    cpu.reg_event(r adio.receive, self.event_Mess age)
    cpu.reg_event(t erminal.input, self.event_Inpu t)
    def event_Message(s elf,message):
    terminal.write( message + "\r\n")
    def event_Input(sel f,data):
    if data[0] == "/":
    if string.upper(st ring.split(data[1:]))[0] == "CHANNEL":
    radio.setFreq(i nt(string.split (data)[2]))
    mem.store("FREQ ",int(string.sp lit(data)[2])
    else:
    radio.send(data )
    ---

    I see the following problems:
    1. looping code
    Are there any way to avoid this by checking the "eip" within a usercode?
    Is it possible to multiplex between user codes to avoid this?
    Is it possible to limit execution speed (set the cpu to 5 instructions
    pr second)

    2. blocking code / untrusted/insecure code
    Is there a effective way to limit the available functions the usercode?
    (perhaps like the java securityhandler way)

    3. memory-dos
    Limiting the storage size (or even forcing the user to store EVERYTHING
    in the mem object)


    I dont know if this is even possible (without modifying the python
    source, which would force me to perhaps seperate server code and user code)

  • Terry Reedy

    #2
    Re: Running insecure python code


    "Noen" <not.available@ na.no> wrote in message
    news:hQq%b.4160 4$BD3.8026233@j uliett.dax.net. ..[color=blue]
    > Im developing a game where the players will program their equipment with
    > python. Are there any ways to run insecure code?[/color]

    safely, without letting
    [color=blue]
    > clients mess with the server-code through their own code, or even DOS[/color]
    the box[color=blue]
    > by using up too much memory.[/color]

    There have been several threads on this topic. Quick answer: nothing as
    good as you would want. Stackless, with its tasklets, may be your best bet
    once updated to run with 2.3.3.

    Terry J. Reedy




    Comment

    • Bob Ippolito

      #3
      Re: Running insecure python code

      On 2004-02-26 21:21:37 -0500, "Terry Reedy" <tjreedy@udel.e du> said:
      [color=blue]
      >
      > "Noen" <not.available@ na.no> wrote in message
      > news:hQq%b.4160 4$BD3.8026233@j uliett.dax.net. ..[color=green]
      >> Im developing a game where the players will program their equipment with
      >> python. Are there any ways to run insecure code?[/color]
      >
      > safely, without letting
      >[color=green]
      > > clients mess with the server-code through their own code, or even DOS[/color]
      > the box[color=green]
      >> by using up too much memory.[/color]
      >
      > There have been several threads on this topic. Quick answer: nothing as
      > good as you would want. Stackless, with its tasklets, may be your best bet
      > once updated to run with 2.3.3.[/color]

      Even with stackless, you're not going to be able to stop them from
      using "too much memory". Besides, you can't stop a determined and
      experienced python hacker from getting ANYTHING (even if it's written
      in C) ;)

      Stackless 3.0 (Python 2.3.3) compiles and works just fine from CVS
      HEAD, and I believe windows binaries are even available. Of course,
      documentation is lacking, and we're planning to do quite a bit of stuff
      during the sprints next month.. but it's good enough to use if you want
      to.

      -bob

      Comment

      • Noen

        #4
        Re: Running insecure python code

        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1

        Bob Ippolito wrote:
        Perhaps writing a new script language using the builtin parser module
        would solve the problems... Any pre-made scripting languages written in
        python out in the wild?

        | On 2004-02-26 21:21:37 -0500, "Terry Reedy" <tjreedy@udel.e du> said:
        |
        |>
        |> "Noen" <not.available@ na.no> wrote in message
        |> news:hQq%b.4160 4$BD3.8026233@j uliett.dax.net. ..
        |>
        |>> Im developing a game where the players will program their equipment with
        |>> python. Are there any ways to run insecure code?
        |>
        |>
        |> safely, without letting
        |>
        |> > clients mess with the server-code through their own code, or even DOS
        |> the box
        |>
        |>> by using up too much memory.
        |>
        |>
        |> There have been several threads on this topic. Quick answer: nothing as
        |> good as you would want. Stackless, with its tasklets, may be your
        |> best bet
        |> once updated to run with 2.3.3.
        |
        |
        | Even with stackless, you're not going to be able to stop them from using
        | "too much memory". Besides, you can't stop a determined and experienced
        | python hacker from getting ANYTHING (even if it's written in C) ;)
        |
        | Stackless 3.0 (Python 2.3.3) compiles and works just fine from CVS HEAD,
        | and I believe windows binaries are even available. Of course,
        | documentation is lacking, and we're planning to do quite a bit of stuff
        | during the sprints next month.. but it's good enough to use if you
        want to.
        |
        | -bob
        |

        -----BEGIN PGP SIGNATURE-----
        Version: GnuPG v1.2.4 (MingW32)
        Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

        iD8DBQFAP7kZ9vK lXPxSchIRAnFEAJ 9hyB2zj54ZWvm4x yCaXwMk+xeQAQCd GEqB
        4uZcunGZf7tO1xq S78QER8Q=
        =dFNj
        -----END PGP SIGNATURE-----

        Comment

        • Bob Ippolito

          #5
          Re: Running insecure python code

          You can try looking into PyPy or something. In practice, an
          interpreter written in Python is probably going to be far too slow to
          be used for any sort of modern game.

          You're probably better off just not worrying about the "safety" and
          giving them regular Python. When something secure and/or sufficiently
          multistate exists, you could migrate.

          There is also the possibility of running these user tasks in separate
          processes altogether (or in just one) and brokering objects between the
          two (i.e. sending pickles, or something more sanitized if you're REALLY
          concerned about security). This would let you use operating system
          facilities to monitor the resource consumption and would give you the
          same kind of security that you have between any two separate processes.
          The IDLE IDE actually does something like this for running an
          interpreter, and I believe it can even do debugging this way.

          -bob

          On 2004-02-27 16:39:36 -0500, Noen <not.available@ na.no> said:
          [color=blue]
          > Bob Ippolito wrote:
          > Perhaps writing a new script language using the builtin parser module
          > would solve the problems... Any pre-made scripting languages written in
          > python out in the wild?
          >
          > | On 2004-02-26 21:21:37 -0500, "Terry Reedy" <tjreedy@udel.e du> said:
          > |
          > |>
          > |> "Noen" <not.available@ na.no> wrote in message
          > |> news:hQq%b.4160 4$BD3.8026233@j uliett.dax.net. ..
          > |>
          > |>> Im developing a game where the players will program their equipment with
          > |>> python. Are there any ways to run insecure code?
          > |>
          > |>
          > |> safely, without letting
          > |>
          > |> > clients mess with the server-code through their own code, or even DOS
          > |> the box
          > |>
          > |>> by using up too much memory.
          > |>
          > |>
          > |> There have been several threads on this topic. Quick answer: nothing as
          > |> good as you would want. Stackless, with its tasklets, may be your
          > |> best bet
          > |> once updated to run with 2.3.3.
          > |
          > |
          > | Even with stackless, you're not going to be able to stop them from using
          > | "too much memory". Besides, you can't stop a determined and experienced
          > | python hacker from getting ANYTHING (even if it's written in C) ;)
          > |
          > | Stackless 3.0 (Python 2.3.3) compiles and works just fine from CVS HEAD,
          > | and I believe windows binaries are even available. Of course,
          > | documentation is lacking, and we're planning to do quite a bit of stuff
          > | during the sprints next month.. but it's good enough to use if you
          > want to.[/color]

          Comment

          Working...