Theodore A. Roth
troth at verinet.com
Wed Sep 5 16:27:36 MDT 2001
I had already looked into that but it looks to be oriented toward
restricting the execution of python code the user imputs.
In my case, all I want to do is take a string from the user and pass it to
os.chdir() with out the user being able to get out of a certain directory.
Am I just asking for trouble with this approach?
On Wed, 5 Sep 2001, Evelyn Mitchell wrote:
:)look at the restricted execution environment.
:)On Wed, Sep 05, 2001 at 03:42:32PM -0600, Theodore A. Roth wrote:
:)> I've searched high low, but it doesn't look to me like python supplies the
:)> chroot() function ala 'man 2 chroot'. Is this true?
:)> I'm trying to use python, via cgi, as a photo album generator. I want to
:)> let the user supply the directory to list the contents of, but I would
:)> like to protect against the user doing something like
:)> '../../../../../some/dir// to list files outside of where the pictures are
:)> kept. Thus, chroot()ing into my base photo directory after loading all the
:)> modules I need would be a handy thing to do.
:)> Any one have a better idea?
:)> Ted Roth
More information about the FRPythoneers