Limiting access to python modules

4 comments, last by Kylotan 19 years, 5 months ago
I've got Python embedded in my game to provide scripting for a number of different uses, not the least of which is the game logic. Eventually I expect users to be able to create mods by modifying these Python scripts -- however I want to limit the modules that can be loaded in these scripts, e.g. only a few standard Python modules such as string and maybe the file I/O stuff in addition to my game/engine modules, but definitely not modules such as sockets... How do I go about blocking unwanted modules (or including only modules that I want)? Can I do it with the standard Python library or will I have to hack it a bit to stop sys.path changes etc.?
You can't. There used to be modules intended to do that kind of thing (rexec, Bastion), but they have been disabled since changes in the Python object model made them worse than useless security-wise.

Either do not provide modules which can be abused, scan provided modules for unacceptable imports (watch out for the import hook, too!) or run your script as a different user, with limited privileges (yes, it can be done even within a single program, though the functions to do that are platform-specific).

The third option being, as I see it, the preferable one, it's an excellent opportunity to learn about your system's security APIs. [smile] (And to reflect on why so many Windows games and applications demand to run as root).
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian W. Kernighan
I might be misunderstanding one of you two here. Xetrov, will your own scripts execute in the module-sparse environment that you want user scripts to execute in? That is, you don't want any Python script to use sockets (or whatever other module you wish to restrict)?
SiCrane:

Yes, that's what I want.

Well I want two interpreter/environments actually:

1) The main game environment, which is a set of Python scripts which hook into my C++ engine
2) The console, which can only be allowed an even more minimal choice of modules (or probably none except those loaded by the engine)

So the game scripts need to have a limited environment to avoid the modules such as sockets. If it is easier, is it possible to disallow *all* module loading from paths which the engine doesn't like, and disallow all C module loading -- so I can recreate any modules etc. if I want them (e.g. string)?

Does that clear it up at all?
Fruny's post got me looking around a bit more...

Can I redefine __import__ before I execute my scripts? But then how can I stop a redefinition :D

There has to be an easier/cleaner method than just checking every line of Python before I pass it to the interpreter...

[Edited by - Xetrov on November 26, 2004 12:41:46 AM]
If there was an easy way, it would probably already be in the Python library. ;)
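
Added example, not part of any post in this thread: a sketch of the "scan provided modules for unacceptable imports" option, which also flags references to the import hook that Xetrov asks about. It assumes Python 3 and its standard `ast` module; the allowlist entries `game` and `engine` and the two sample scripts are hypothetical.

```python
import ast

# Assumed allowlist: "string" comes from the thread; "game" and "engine" are
# hypothetical names standing in for the engine's own modules.
ALLOWED_MODULES = {"string", "game", "engine"}
# Names that reach the import hook or run code this scanner never parses.
DYNAMIC_NAMES = {"__import__", "__builtins__", "eval", "exec", "compile"}


def scan_script(source, allowed=ALLOWED_MODULES):
    """Return sorted (line, reason) findings; an empty list means nothing flagged."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                # Compare the top-level package so "os.path" is judged as "os".
                if alias.name.split(".")[0] not in allowed:
                    findings.append((node.lineno, "import " + alias.name))
        elif isinstance(node, ast.ImportFrom):
            # level > 0 is a relative import, which the allowlist cannot judge.
            top = (node.module or "").split(".")[0]
            if node.level or top not in allowed:
                findings.append((node.lineno, "from-import " + (node.module or ".")))
        elif isinstance(node, ast.Name) and node.id in DYNAMIC_NAMES:
            # Covers both calling the hook and rebinding it (load or store).
            findings.append((node.lineno, "dynamic name " + node.id))
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            # Dunder attributes expose object internals outside the allowlist.
            findings.append((node.lineno, "dunder attribute " + node.attr))
    return sorted(findings)


# Constructed sample mod scripts (not from the thread).
CLEAN_MOD = "import string\nfrom game import spawn\nspawn(string.capwords('orc'))\n"
BAD_MOD = "import string\nimport socket\nnet = __import__('socket')\n"

if __name__ == "__main__":
    for name, text in (("clean", CLEAN_MOD), ("bad", BAD_MOD)):
        print(name, scan_script(text))
```

An empty result only means nothing was flagged; it is a pre-load filter for mod scripts, and the isolation itself still has to come from the limited-privilege option described in the thread.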
