Sign in to follow this  
Xetrov

Limiting access to python modules

Recommended Posts

I've got python embedded in my game to provide scripting for a number of different uses, not the least of which is the game logic. Eventually I expect users to be able to create mods by modifying these python scripts -- however I want to limit the modules that can be loaded in these scripts, eg only a few standard python modules such as string and maybe the file i/o stuff in addition to my game/engine modules, but definately not modules such as sockets... How do I go about blocking unwanted modules, (or including only modules that I want). Can I do it with the standard python library or will I have to hack it a bit to stop sys.path changes etc?

Share this post


Link to post
Share on other sites
You can't. There used to be modules intended to to that kind of things (rexec, Bastion), but they have been disables since changes in the Python object model made them worse than useless security-wise.

Either do not provide modules which can be abused, scan provided modules for inacceptable imports (watch out for the import hook, too!) or run your script as a different user, with limited privileges (yes, it can be done even within a single program, though the functions to do that are platform-specific).

The third option being, as I see it, the preferable one, it's an excellent opportunity to learn about your system's security APIs. [smile] (And to reflect on why so many windows games and applications demand to run as root).

Share this post


Link to post
Share on other sites
I might be misunderstanding one of you two here. Xetrov, will your own scripts execute in the module sparse envirnoment that you want user scripts to execute in? That is, you don't want any Python script to use sockets (or whatever other module you wish to restrict)?

Share this post


Link to post
Share on other sites
SiCrane:

Yes, thats what I want.

Well I want two interpreter/environments actually:

1) The main game environment which is a set of python scripts which hook into my C++ engine
2) The console which can only be allowed an even more minimal choice of modules (or probably none except those loaded by the engine)

So the game scripts need to have a limited environment to avoid the modules such as sockets. If it is easier, is it possible to disallow *all* module loading from paths which the engine doesn't like, and disallow all C module loading -- so I can recreate any modules etc if I want them (eg string).

Does that clear it up at all?

Share this post


Link to post
Share on other sites
Fruny's post got me looking around a bit more...

Can I redefine __import__ before I execute my scripts? But then how can I stop a redefinition :D

There has to be an easier/cleaner method than just checking every line of python before I pass it to the interpreter...

[Edited by - Xetrov on November 26, 2004 12:41:46 AM]

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this