From: Tom N. <tmn...@gm...> - 2010-03-12 19:05:20
|
Hello again, Jython community, I'd first like to point out an early version of the Python web console: http://pythonwebconsole.appspot.com/ Powered by Jython! This is similar to TryPython, except more in the spirit of the Groovy Web Console where scripts can be published and shared. I know, the irony level is pretty high here, but I thought it could be a good showcase for Jython. However, I'm not entirely comfortable with the level of sandboxing done for scripts currently. If I _want_ my scripts to run in a totally isolated environment, with an isolated classloader (so that generated classes can be thrown away,) how would I do that? As I mentioned before, I'm not clear on how to set a classloader per PythonInterpreter instance, and it appears that a static classloader is used. Will defined classes eventually pile up over time and never be GC'd? If anyone can point to documentation or give advice on how to properly isolate and sandbox scripts, that would be great. In addition, please feel free to play with the console, tell your friends, and report any bugs and suggestions for improvement back to me. The full source can be downloaded from github as well: http://github.com/tomstrummer/ Thanks! -Tom 2010/3/4 Tom Nichols <tmn...@gm...>: > Hi Jython community, > > I'm trying to determine how one would sandbox an untrusted Jython > script evaluated with PythonInterpreter. > > So far I've figured out that I can create a new PythonInterpreter with > a new PySystemState every time, which will discard locals after every > script execution. However I've noticed that PySystemState uses a lot > of static fields to keep track of various things. Is it possible for > an evaluated python script to affect some static portions of > PySystemState? > > A secondary question is how to restrict scripts from accessing classes > that are part of the application. I don't want scripts to modify my > data model or reconfigure the web server. It looks like PySystemState > takes two classloaders in its static initialize routine -- are one of > them used to load classes that are referenced from evaluated scripts? > > Some context -- I'm attempting to write an online python script > interpreter, similar to TryPython, TryRuby, and the Groovy Web > Console. Actually I want this to be more like the Groovy Web Console > where users can publish and share scripts. I teach an intro to Python > class and I want my students to share scripts that they've created. > The app itself will run on Google AppEngine (ironically not the Python > runtime, since that is apparently more difficult to sandbox). Since > Jython is meant to be embedded, I'm hoping someone has figured out how > to sandbox it properly. > > Thanks in advance for the advice. > > -Tom > |
From: Santosh T. <ti...@gm...> - 2010-03-12 21:09:14
|
Sweet. A quick (and important) question: If I write some wrong code, it underlines the wrong portion of code with a red dotted line. How are you doing it? How do you know what portion of the code to underline? Can you (share) or point me to the java code that determines the string that should be underlined? Thanks again for the great work. On Fri, Mar 12, 2010 at 2:05 PM, Tom Nichols <tmn...@gm...> wrote: > Hello again, Jython community, > > I'd first like to point out an early version of the Python web console: > http://pythonwebconsole.appspot.com/ > Powered by Jython! This is similar to TryPython, except more in the > spirit of the Groovy Web Console where scripts can be published and > shared. > > I know, the irony level is pretty high here, but I thought it could be > a good showcase for Jython. However, I'm not entirely comfortable > with the level of sandboxing done for scripts currently. If I _want_ > my scripts to run in a totally isolated environment, with an isolated > classloader (so that generated classes can be thrown away,) how would > I do that? As I mentioned before, I'm not clear on how to set a > classloader per PythonInterpreter instance, and it appears that a > static classloader is used. Will defined classes eventually pile up > over time and never be GC'd? > > If anyone can point to documentation or give advice on how to properly > isolate and sandbox scripts, that would be great. In addition, please > feel free to play with the console, tell your friends, and report any > bugs and suggestions for improvement back to me. > > The full source can be downloaded from github as well: > http://github.com/tomstrummer/ > > Thanks! > -Tom > > > 2010/3/4 Tom Nichols <tmn...@gm...>: > > Hi Jython community, > > > > I'm trying to determine how one would sandbox an untrusted Jython > > script evaluated with PythonInterpreter. > > > > So far I've figured out that I can create a new PythonInterpreter with > > a new PySystemState every time, which will discard locals after every > > script execution. However I've noticed that PySystemState uses a lot > > of static fields to keep track of various things. Is it possible for > > an evaluated python script to affect some static portions of > > PySystemState? > > > > A secondary question is how to restrict scripts from accessing classes > > that are part of the application. I don't want scripts to modify my > > data model or reconfigure the web server. It looks like PySystemState > > takes two classloaders in its static initialize routine -- are one of > > them used to load classes that are referenced from evaluated scripts? > > > > Some context -- I'm attempting to write an online python script > > interpreter, similar to TryPython, TryRuby, and the Groovy Web > > Console. Actually I want this to be more like the Groovy Web Console > > where users can publish and share scripts. I teach an intro to Python > > class and I want my students to share scripts that they've created. > > The app itself will run on Google AppEngine (ironically not the Python > > runtime, since that is apparently more difficult to sandbox). Since > > Jython is meant to be embedded, I'm hoping someone has figured out how > > to sandbox it properly. > > > > Thanks in advance for the advice. > > > > -Tom > > > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Jython-users mailing list > Jyt...@li... > https://lists.sourceforge.net/lists/listinfo/jython-users > -- Santosh Tiwari ti...@gm... |
From: Tom N. <tmn...@gm...> - 2010-03-13 16:07:14
|
actuallly that underlining is your browser's spell check -- which I should actually figure out if I can disable since it's not really applicable in this case :) I'm not doing any semantic analysis on what you type. -Tom On Fri, Mar 12, 2010 at 4:09 PM, Santosh Tiwari <ti...@gm...> wrote: > Sweet. > > A quick (and important) question: > > > If I write some wrong code, it underlines the wrong portion of code with a > red dotted line. > > How are you doing it? > > How do you know what portion of the code to underline? > > Can you (share) or point me to the java code that determines the string that > should be underlined? > > Thanks again for the great work. > > > > On Fri, Mar 12, 2010 at 2:05 PM, Tom Nichols <tmn...@gm...> wrote: >> >> Hello again, Jython community, >> >> I'd first like to point out an early version of the Python web console: >> http://pythonwebconsole.appspot.com/ >> Powered by Jython! This is similar to TryPython, except more in the >> spirit of the Groovy Web Console where scripts can be published and >> shared. >> >> I know, the irony level is pretty high here, but I thought it could be >> a good showcase for Jython. However, I'm not entirely comfortable >> with the level of sandboxing done for scripts currently. If I _want_ >> my scripts to run in a totally isolated environment, with an isolated >> classloader (so that generated classes can be thrown away,) how would >> I do that? As I mentioned before, I'm not clear on how to set a >> classloader per PythonInterpreter instance, and it appears that a >> static classloader is used. Will defined classes eventually pile up >> over time and never be GC'd? >> >> If anyone can point to documentation or give advice on how to properly >> isolate and sandbox scripts, that would be great. In addition, please >> feel free to play with the console, tell your friends, and report any >> bugs and suggestions for improvement back to me. >> >> The full source can be downloaded from github as well: >> http://github.com/tomstrummer/ >> >> Thanks! >> -Tom >> >> >> 2010/3/4 Tom Nichols <tmn...@gm...>: >> > Hi Jython community, >> > >> > I'm trying to determine how one would sandbox an untrusted Jython >> > script evaluated with PythonInterpreter. >> > >> > So far I've figured out that I can create a new PythonInterpreter with >> > a new PySystemState every time, which will discard locals after every >> > script execution. However I've noticed that PySystemState uses a lot >> > of static fields to keep track of various things. Is it possible for >> > an evaluated python script to affect some static portions of >> > PySystemState? >> > >> > A secondary question is how to restrict scripts from accessing classes >> > that are part of the application. I don't want scripts to modify my >> > data model or reconfigure the web server. It looks like PySystemState >> > takes two classloaders in its static initialize routine -- are one of >> > them used to load classes that are referenced from evaluated scripts? >> > >> > Some context -- I'm attempting to write an online python script >> > interpreter, similar to TryPython, TryRuby, and the Groovy Web >> > Console. Actually I want this to be more like the Groovy Web Console >> > where users can publish and share scripts. I teach an intro to Python >> > class and I want my students to share scripts that they've created. >> > The app itself will run on Google AppEngine (ironically not the Python >> > runtime, since that is apparently more difficult to sandbox). Since >> > Jython is meant to be embedded, I'm hoping someone has figured out how >> > to sandbox it properly. >> > >> > Thanks in advance for the advice. >> > >> > -Tom >> > >> >> >> ------------------------------------------------------------------------------ >> Download Intel® Parallel Studio Eval >> Try the new software tools for yourself. Speed compiling, find bugs >> proactively, and fine-tune applications for parallel performance. >> See why Intel Parallel Studio got high marks during beta. >> http://p.sf.net/sfu/intel-sw-dev >> _______________________________________________ >> Jython-users mailing list >> Jyt...@li... >> https://lists.sourceforge.net/lists/listinfo/jython-users > > > > -- > Santosh Tiwari > ti...@gm... > |
From: Josh J. <jun...@gm...> - 2010-03-13 16:11:14
|
Nice! It is definitely handy to have a tool such as this at your disposal. I did notice that it only works in Firefox though...I'm using a Mac. I first tried to use it with Safari and it didn't work. I noticed similar issues with Google Chrome. Javascript cross-browser compatibility issues are always a pain. All of that aside, this works nicely in Firefox and is very cool. Regarding the sandboxing...I haven't had a chance to look at your code. Are you running a servlet here? If so, maybe a servlet sandbox would take care of some issues...such as prohibiting alteration of your application code. Hope this helps, and thanks for the cool app. Josh Juneau jun...@gm... http://jj-blogger.blogspot.com http://www.jythonpodcast.com Twitter ID: javajuneau On Fri, Mar 12, 2010 at 1:05 PM, Tom Nichols <tmn...@gm...> wrote: > Hello again, Jython community, > > I'd first like to point out an early version of the Python web console: > http://pythonwebconsole.appspot.com/ > Powered by Jython! This is similar to TryPython, except more in the > spirit of the Groovy Web Console where scripts can be published and > shared. > > I know, the irony level is pretty high here, but I thought it could be > a good showcase for Jython. However, I'm not entirely comfortable > with the level of sandboxing done for scripts currently. If I _want_ > my scripts to run in a totally isolated environment, with an isolated > classloader (so that generated classes can be thrown away,) how would > I do that? As I mentioned before, I'm not clear on how to set a > classloader per PythonInterpreter instance, and it appears that a > static classloader is used. Will defined classes eventually pile up > over time and never be GC'd? > > If anyone can point to documentation or give advice on how to properly > isolate and sandbox scripts, that would be great. In addition, please > feel free to play with the console, tell your friends, and report any > bugs and suggestions for improvement back to me. > > The full source can be downloaded from github as well: > http://github.com/tomstrummer/ > > Thanks! > -Tom > > > 2010/3/4 Tom Nichols <tmn...@gm...>: > > Hi Jython community, > > > > I'm trying to determine how one would sandbox an untrusted Jython > > script evaluated with PythonInterpreter. > > > > So far I've figured out that I can create a new PythonInterpreter with > > a new PySystemState every time, which will discard locals after every > > script execution. However I've noticed that PySystemState uses a lot > > of static fields to keep track of various things. Is it possible for > > an evaluated python script to affect some static portions of > > PySystemState? > > > > A secondary question is how to restrict scripts from accessing classes > > that are part of the application. I don't want scripts to modify my > > data model or reconfigure the web server. It looks like PySystemState > > takes two classloaders in its static initialize routine -- are one of > > them used to load classes that are referenced from evaluated scripts? > > > > Some context -- I'm attempting to write an online python script > > interpreter, similar to TryPython, TryRuby, and the Groovy Web > > Console. Actually I want this to be more like the Groovy Web Console > > where users can publish and share scripts. I teach an intro to Python > > class and I want my students to share scripts that they've created. > > The app itself will run on Google AppEngine (ironically not the Python > > runtime, since that is apparently more difficult to sandbox). Since > > Jython is meant to be embedded, I'm hoping someone has figured out how > > to sandbox it properly. > > > > Thanks in advance for the advice. > > > > -Tom > > > > > ------------------------------------------------------------------------------ > Download Intel® Parallel Studio Eval > Try the new software tools for yourself. Speed compiling, find bugs > proactively, and fine-tune applications for parallel performance. > See why Intel Parallel Studio got high marks during beta. > http://p.sf.net/sfu/intel-sw-dev > _______________________________________________ > Jython-users mailing list > Jyt...@li... > https://lists.sourceforge.net/lists/listinfo/jython-users > |
From: Tom N. <tmn...@gm...> - 2010-03-14 00:09:02
|
Hi Josh, Thanks for the feedback. I'll iron out the cross-browser compatibility issues at some point. So the code is running in a servlet, but I was under the impression that since it's essentially compiling and evaluating Java code on the fly, one could actually reconfigure the application if they really wanted to. My assumption was that if the interpreter was using my custom classloader, I could control which classes can be accessed when the script is evaluated. But I'm really unsure of how the interpreter any PySystemState work together. Can you elaborate on what you mean by a servlet sandbox? Thanks. -Tom On Sat, Mar 13, 2010 at 11:11 AM, Josh Juneau <jun...@gm...> wrote: > Nice! It is definitely handy to have a tool such as this at your disposal. > I did notice that it only works in Firefox though...I'm using a Mac. I > first tried to use it with Safari and it didn't work. I noticed similar > issues with Google Chrome. Javascript cross-browser compatibility issues > are always a pain. All of that aside, this works nicely in Firefox and is > very cool. > Regarding the sandboxing...I haven't had a chance to look at your code. Are > you running a servlet here? If so, maybe a servlet sandbox would take care > of some issues...such as prohibiting alteration of your application code. > Hope this helps, and thanks for the cool app. > > Josh Juneau > jun...@gm... > http://jj-blogger.blogspot.com > http://www.jythonpodcast.com > Twitter ID: javajuneau > > > On Fri, Mar 12, 2010 at 1:05 PM, Tom Nichols <tmn...@gm...> wrote: >> >> Hello again, Jython community, >> >> I'd first like to point out an early version of the Python web console: >> http://pythonwebconsole.appspot.com/ >> Powered by Jython! This is similar to TryPython, except more in the >> spirit of the Groovy Web Console where scripts can be published and >> shared. >> >> I know, the irony level is pretty high here, but I thought it could be >> a good showcase for Jython. However, I'm not entirely comfortable >> with the level of sandboxing done for scripts currently. If I _want_ >> my scripts to run in a totally isolated environment, with an isolated >> classloader (so that generated classes can be thrown away,) how would >> I do that? As I mentioned before, I'm not clear on how to set a >> classloader per PythonInterpreter instance, and it appears that a >> static classloader is used. Will defined classes eventually pile up >> over time and never be GC'd? >> >> If anyone can point to documentation or give advice on how to properly >> isolate and sandbox scripts, that would be great. In addition, please >> feel free to play with the console, tell your friends, and report any >> bugs and suggestions for improvement back to me. >> >> The full source can be downloaded from github as well: >> http://github.com/tomstrummer/ >> >> Thanks! >> -Tom >> >> >> 2010/3/4 Tom Nichols <tmn...@gm...>: >> > Hi Jython community, >> > >> > I'm trying to determine how one would sandbox an untrusted Jython >> > script evaluated with PythonInterpreter. >> > >> > So far I've figured out that I can create a new PythonInterpreter with >> > a new PySystemState every time, which will discard locals after every >> > script execution. However I've noticed that PySystemState uses a lot >> > of static fields to keep track of various things. Is it possible for >> > an evaluated python script to affect some static portions of >> > PySystemState? >> > >> > A secondary question is how to restrict scripts from accessing classes >> > that are part of the application. I don't want scripts to modify my >> > data model or reconfigure the web server. It looks like PySystemState >> > takes two classloaders in its static initialize routine -- are one of >> > them used to load classes that are referenced from evaluated scripts? >> > >> > Some context -- I'm attempting to write an online python script >> > interpreter, similar to TryPython, TryRuby, and the Groovy Web >> > Console. Actually I want this to be more like the Groovy Web Console >> > where users can publish and share scripts. I teach an intro to Python >> > class and I want my students to share scripts that they've created. >> > The app itself will run on Google AppEngine (ironically not the Python >> > runtime, since that is apparently more difficult to sandbox). Since >> > Jython is meant to be embedded, I'm hoping someone has figured out how >> > to sandbox it properly. >> > >> > Thanks in advance for the advice. >> > >> > -Tom >> > >> >> >> ------------------------------------------------------------------------------ >> Download Intel® Parallel Studio Eval >> Try the new software tools for yourself. Speed compiling, find bugs >> proactively, and fine-tune applications for parallel performance. >> See why Intel Parallel Studio got high marks during beta. >> http://p.sf.net/sfu/intel-sw-dev >> _______________________________________________ >> Jython-users mailing list >> Jyt...@li... >> https://lists.sourceforge.net/lists/listinfo/jython-users > > |