www.fifi.org
    Documentation
        Manpages
        GNU Info
        Debian document tree
        Whole document tree
    Trigance web page
    Public services
    User info
    Mailing lists
    Secure server
    Multilingual usage
 

Copyright (C) 2000-2012
Philippe Troin
<webmaster@fifi.org>.

Validate HTML
Validate CSS

    

GNU Info

Info Node: (python2.1-lib.info)An example

(python2.1-lib.info)An example

Prev: Defining restricted environments Up: rexec
Enter node , (file) or (file)node 

An example
----------

Let us say that we want a slightly more relaxed policy than the
standard `RExec' class.  For example, if we're willing to allow files
in `/tmp' to be written, we can subclass the `RExec' class:

     class TmpWriterRExec(rexec.RExec):
         def r_open(self, file, mode='r', buf=-1):
             if mode in ('r', 'rb'):
                 pass
             elif mode in ('w', 'wb', 'a', 'ab'):
                 # check filename : must begin with /tmp/
                 if file[:5]!='/tmp/':
                     raise IOError, "can't write outside /tmp"
                 elif (string.find(file, '/../') >= 0 or
                      file[:3] == '../' or file[-3:] == '/..'):
                     raise IOError, "'..' in filename forbidden"
             else: raise IOError, "Illegal open() mode"
             return open(file, mode, buf)

Notice that the above code will occasionally forbid a perfectly valid
filename; for example, code in the restricted environment won't be able
to open a file called `/tmp/foo/../bar'.  To fix this, the `r_open()'
method would have to simplify the filename to `/tmp/bar', which would
require splitting apart the filename and performing various operations
on it.  In cases where security is at stake, it may be preferable to
write simple code which is sometimes overly restrictive, instead of
more general code that is also more complex and may harbor a subtle
security hole.
automatically generated by info2www version 1.2.2.9