I am writing a server application with Java servlets and at some point, a Python script that was uploaded by a user has to be executed. Is it possible to create a process with restrictions like only beeing able to access a certain directory (probably using ProcessBuilder)?
I already had a look at pysandbox, but I am not sure if this alone is a safe enough measure when executing an unknown Python script.
All the script has to do is process a given String using certain libraries and return a String using the print function.
Is my approach correct or is there a better way to execute an unknown script?
-
There is no safe measure. Nothing will protect you.Jakob Bowyer– Jakob Bowyer2014年02月19日 10:43:46 +00:00Commented Feb 19, 2014 at 10:43
1 Answer 1
As a forward to my answer, whitelisting and blacklisting only go so far and are proven easily broken by the most determined of hackers. Don't bother with these styles of security.
About as safe as you are going to get is to use pypy-sandbox it creates an OS level sandbox and tries to isolate processes that could lead to nasty execution.
For real security you probably want something more like this following model.
- Using SELinux as the host fire up a virtual machine running SELinux
- Disable all ports except for SSH and ensure patches are up to date
- Upload the code to a non executable directory.
- Chroot and ulimit all the things
- Execute the code through pypy-sandbox
- Destroy the machine when execution is complete
Or maybe I am just paranoid.