简体繁体 English

网站如何安全地托管和执行用户代码

[英]How do websites safely host and execute user's code

原文 2012-10-01 20:13:19 1 1 python

How do websites and other web services, such as Google App Engine or WordPress etc... safely allow people to upload any code they want without periodically having damage done by user's code? 网站和其他网络服务（例如Google App Engine或WordPress等）如何安全地允许人们上载他们想要的任何代码，而不会因用户代码而造成定期破坏？ I was working on a project that basically uses a more complicated implementation of 'Eval()' in Python to execute code uploaded by users. 我正在一个项目上，该项目基本上使用Python中更复杂的'Eval（）'实现来执行用户上传的代码。 I was thinking of trying to do this safely, by instead of hosting code, instead make developers host code and I can access it like an api? 我当时想尝试安全地执行此操作，而不是托管代码，而是让开发人员托管代码，并且可以像api一样访问它？ Or possibly have to approve it all (Like they do on the app Store). 或可能必须全部批准（就像他们在App Store上一样）。

Anyways, just to rephrase, How can I safely host and execute code uploaded by a user? 无论如何，只是重新说明一下，如何安全地托管和执行用户上传的代码？

1 个解决方案

Python interåreter had sandboxing as a feature goal in the past. 过去，PythonInteråreter曾将沙盒作为功能目标。 However it dis not work out very well for Python. 但是，对于Python来说效果不是很好。

Something what's left is RestrictedPython (deployed every on Plone site out there): 剩下的就是RestrictedPython（部署在Plone网站上的每个网站）：

http://pypi.python.org/pypi/RestrictedPython http://pypi.python.org/pypi/RestrictedPython

It's basically an eval() which modifies Python AST before execution. 它基本上是一个eval（），它在执行之前修改Python AST。 Useful for few line scripts, not useful for real application development. 对于少量的行脚本很有用，对于实际的应用程序开发则无用。

However if I were you I wouldn't try to create sandboxing on a VM level. 但是，如果您是我，则不会尝试在VM级别上创建沙箱。 Instead I'd create jailed / chrooted UNIX processes which have read-only access to everything (disk, network, etc.) and a killing timeout for too long execution. 取而代之的是，我将创建被监禁/ chroot的UNIX进程，这些进程具有对所有内容（磁盘，网络等）的只读访问权，并且由于执行时间太长而导致终止超时。 This is pretty much how App Engine does it. 这几乎就是App Engine的工作方式。