Mailing List Archive: stdout in a restricted environment

stdout in a restricted environment

Apr 22, 1999, 5:12 AM

Post #1 of 3 (527 views)

I'm trying to make a program that will enable users to connect to a server
running a python interpreter and be able to program in a restricted
environment in that interpreter. The rexec object has methods called s_exec
and s_eval which are supposed to use secure forms of the standard I/O
streams, but I can't redefine them to be something else (specifically, an
object that sends the response back to the client) Any pointers on how to
go about redirecting the standard I/O streams from a restricted environment?

Cheers,
Chris

stdout in a restricted environment [ In reply to ]

arcege at shore

Apr 22, 1999, 5:51 AM

Post #2 of 3 (513 views)

Permalink

Chris AtLee <catlee@globalserve.net> wrote:
: I'm trying to make a program that will enable users to connect to a server
: running a python interpreter and be able to program in a restricted
: environment in that interpreter. The rexec object has methods called s_exec
: and s_eval which are supposed to use secure forms of the standard I/O
: streams, but I can't redefine them to be something else (specifically, an
: object that sends the response back to the client) Any pointers on how to
: go about redirecting the standard I/O streams from a restricted environment?

I would suggest making a subclass of RExec that redefines the
make_delegate_files method.

def __init__(self, socket, hooks = None, verbose = 0):
RExec.__init__(self, hooks=hooks, verbose=verbose)
self._data_socket = socket

def make_delegate_files(self):
reader = self._data_socket.makefile('r')
writer = self._data_socket.makefile('w')
s = self.modules['sys']
self.delegate_stdin = FileDelegate(s, 'stdin')
self.delegate_stdout = FileDelegate(s, 'stdout')
self.delegate_stderr = FileDelegate(s, 'stderr')
self.restricted_stdin = FileWrapper(reader)
self.restricted_stdout = FileWrapper(writer)
self.restricted_stderr = FileWrapper(writer)

Granted, I haven't tried this, but it looks correct. :)

Good luck.

-Arcege

stdout in a restricted environment [ In reply to ]

catlee at globalserve

Apr 23, 1999, 12:53 AM

Post #3 of 3 (514 views)

Permalink

Michael P. Reilly <arcege@shore.net> wrote in message
news:MXET2.15$7j4.3896@news.shore.net...
...
> I would suggest making a subclass of RExec that redefines the
> make_delegate_files method.
>
> def __init__(self, socket, hooks = None, verbose = 0):
> RExec.__init__(self, hooks=hooks, verbose=verbose)
> self._data_socket = socket
>
> def make_delegate_files(self):
> reader = self._data_socket.makefile('r')
> writer = self._data_socket.makefile('w')
> s = self.modules['sys']
> self.delegate_stdin = FileDelegate(s, 'stdin')
> self.delegate_stdout = FileDelegate(s, 'stdout')
> self.delegate_stderr = FileDelegate(s, 'stderr')
> self.restricted_stdin = FileWrapper(reader)
> self.restricted_stdout = FileWrapper(writer)
> self.restricted_stderr = FileWrapper(writer)
>
> Granted, I haven't tried this, but it looks correct. :)

This works, after I put in some code to flush the writer when something
happens...I think I may have had a working solution before but never knew it
because my output wasn't getting flushed :)

Cheers,
Chris