0

I'm wondering if there is a way of disabling the interactive python prompt so that only scripts on disk can be run? The environment in question is Windows with windows domain controllers.

The reason being as one step of locking down python in an environment with strict security requirements.

andpou
  • 21
  • 2
  • 1
    If you have properly protected the file system from writes and unwanted reads, you can't do any more damage on a python prompt than in `bash` shell. – mike3996 Jan 13 '15 at 08:47
  • Maybe you could "overwrite" the python command by moving the actual python executable and replacing it with a script, that first checks whether there is a file argument and only then calls the original executable. However, I don't think that this will have much use in "securing" the system. – tobias_k Jan 13 '15 at 08:59
  • 1
    Not sure how running interactively is any more dangerous than allowing script execution, since you can simply put the destructive commands to a script file and run that. – Daniel Roseman Jan 13 '15 at 09:08
  • Another dirty way is to make this python scripts executable files. A lot of ways to do it. – Dmytro Sadovnychyi Jan 13 '15 at 11:25
  • I forgot to mention that we are running a windows environment. – andpou Jan 13 '15 at 11:30
  • I have done some experimentation with wrapping python with another script/exe, but since I need to lock down the original python.exe (via Group Policies) the script does not have the rights to call the original python binary. – andpou Jan 16 '15 at 13:59
  • The goal is also to lock down from where python allows scripts to run. See http://stackoverflow.com/questions/27921159/restrict-python-script-locations. The final goal is to only allow python to run scripts from controlled locations. – andpou Jan 16 '15 at 14:00

0 Answers0