[FRPythoneers] chroot()

Evelyn Mitchell efm at tummy.com
Wed Sep 5 16:32:57 MDT 2001


On Wed, Sep 05, 2001 at 04:27:36PM -0600, Theodore A. Roth wrote:
> Evelyn,
> 
> I had already looked into that but it looks to be oriented toward
> restricting the execution of python code the user imputs.

Yes, that is one thing it can do. It can be used to set up all
sorts of different restricted environments, not necessarily just
to protect against malicious user input.

> In my case, all I want to do is take a string from the user and pass it to
> os.chdir() with out the user being able to get out of a certain directory.

Restricted execution is the mechanism python provides to do this.
Please, take a look at:
  http://py-howto.sourceforge.net/rexec/rexec.html

> Am I just asking for trouble with this approach?
Nope. It's possible to do that, you just have to do it carefully.

Evelyn Mitchell
efm at tummy.com



> 
> Thanks,
> 
> Ted Roth
> 
> 
> On Wed, 5 Sep 2001, Evelyn Mitchell wrote:
> 
> :)Hi Ted,
> :)
> :)look at the restricted execution environment.
> :)
> :)
> :)efm
> :)
> :)On Wed, Sep 05, 2001 at 03:42:32PM -0600, Theodore A. Roth wrote:
> :)> I've searched high low, but it doesn't look to me like python supplies the
> :)> chroot() function ala 'man 2 chroot'. Is this true?
> :)>
> :)> I'm trying to use python, via cgi, as a photo album generator. I want to
> :)> let the user supply the directory to list the contents of, but I would
> :)> like to protect against the user doing something like
> :)> '../../../../../some/dir// to list files outside of where the pictures are
> :)> kept. Thus, chroot()ing into my base photo directory after loading all the
> :)> modules I need would be a handy thing to do.
> :)>
> :)> Any one have a better idea?
> :)>
> :)> Ted Roth
> :)>
> 
> 
> 
> _______________________________________________
> This message sent by the FRPythoneers mailing list.
> Unsubscribe: echo unsubscribe | FRPythoneers-request at lists.community.tummy.com
> URL: http://lists.community.tummy.com/mailman/listinfo/frpythoneers



More information about the FRPythoneers mailing list