Re: Possible major bug in PlPython (plus some other ideas)

From Ross J. Reedstrom
Subject Re: Possible major bug in PlPython (plus some other ideas)
Date
Msg-id 20011109152845.A16515@rice.edu
In reply to Re: Possible major bug in PlPython (plus some other ideas)  (Doug McNaught <doug@wireboard.com>)
List pgsql-hackers

On Fri, Nov 09, 2001 at 03:25:04PM -0500, Doug McNaught wrote:
> Tom Lane <tgl@sss.pgh.pa.us> writes:
> 
> > What worries me is not so much this particular hole, which is easily
> > plugged now that we know about it, as that it suggests that Python's
> > idea of a restricted environment is considerably less restricted than
> > we would like.  Perhaps there are other facilities that need to be
> > turned off as well?
> 
> Could be.  FWIW, Zope (www.zope.org) allows for Python scripts, created 
> and managed through the web, that run in a "sandbox" with many of the
> same restrictions as PG puts on untrusted languages--they actually
> disallow regex matching so you can't hang the webserver thread with a
> regex that backtracks forever.  Might be worthwhile for the plpython
> folks to take a look at Zope.

And it took _forever_ to convince the Zope folks to put it in, for this
very reason. Those who wanted python scripts (through the web interface,
as opposed to through the filesystem) had to jump through all the hoops
to make it safe enough.

Ross

