
Is there any simple way to restrict Python system calls (os.system, subprocess, ...) to a given folder/tree?

A possible use case would be a shared webserver, where the users/students can upload their apps (e.g. Bottle apps) to run via wsgi/uwsgi and nginx or so.

In order to simplify the configuration, all webapps run under the same system user (e.g. www-data) and store their data under /var/www/webapp_name.

But what if some "smart" user includes some function in his app which tries to make a system call to read or modify something in another location of the system?

A possible solution could be to create separate system users for each webapp and tighten the permissions. But they could still do plenty of potential damage. And it would mean some extra configuration overhead, compared to just web users with no system privileges.

If virtualenv could somehow allow something like

os.system('ls ./')

but block something like

os.system('ls /')

or

os.system('rm -rf ../another_webapp')

it could be really useful.

This could probably be done by something like SELinux or Apparmor too, but it would be cleaner to have a pure pythonic solution.

Julen Larrucea
  • I think you just have to modify the read permission of the folder to the user – Yugandhar Chaudhari Oct 11 '19 at 10:38
  • Docker container? Python itself is hard to restrict on anything. Available solutions are either extremely limiting or unsafe. – Klaus D. Oct 11 '19 at 10:40
  • Sure, that would require creating a separate system user for each instance, but it wouldn't prevent the user from, e.g., writing to the `/tmp` folder. – Julen Larrucea Oct 11 '19 at 10:42
  • @KlausD.: Well... sure, that's definitely a solution, but I would like to restrict the access only from the user side, not from the admin side. Could you mention some of those extremely limiting or unsafe solutions? – Julen Larrucea Oct 11 '19 at 10:46
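The filter the question sketches (allow `ls ./`, block `ls /` and `rm -rf ../another_webapp`), written up as an added example that is not from the question or its comments: every non-option argument of a subprocess call is resolved through symlinks and `..` and rejected if it leaves the app's directory. The names `resolve_under`, `check_argv`, `run_confined` and the throwaway tree in `demo` are all constructed here. As the comments say, this is policy inside the same process rather than a security boundary; code that already runs as www-data can sidestep it, so it complements per-user permissions, AppArmor/SELinux or a container instead of replacing them.

```python
import subprocess
import tempfile
from pathlib import Path


class PathEscape(ValueError):
    """A command argument resolves outside the allowed tree."""


def resolve_under(base, candidate):
    """Resolve candidate (absolute, or relative to base) and require it to stay
    under base.  Symlinks and '..' are resolved first, so 'x/../../etc' and a
    symlink pointing outside the tree are both rejected."""
    base = Path(base).resolve()
    target = (base / candidate).resolve()  # an absolute candidate replaces base
    if target != base and base not in target.parents:
        raise PathEscape(f"{candidate!r} -> {target} is outside {base}")
    return target


def check_argv(base, argv):
    """Return argv with every non-option argument rewritten to an absolute path
    under base; raise PathEscape on the first argument that escapes."""
    return [argv[0]] + [a if a.startswith("-") else str(resolve_under(base, a))
                        for a in argv[1:]]


def run_confined(base, argv):
    """Run argv with cwd=base after the check.  No shell=True, so shell
    metacharacters inside arguments are never interpreted."""
    return subprocess.run(check_argv(base, argv), cwd=base,
                          capture_output=True, text=True, check=False)


def demo():
    """Apply the check to the question's three commands plus a symlink escape,
    inside a throwaway tree (constructed data, removed afterwards)."""
    with tempfile.TemporaryDirectory() as root:
        root = Path(root)
        app = root / "webapp_a"
        app.mkdir()
        (root / "another_webapp").mkdir()
        (app / "link").symlink_to(root / "another_webapp")  # escape via symlink
        results = {}
        for argv in (["ls", "./"], ["ls", "/"],
                     ["rm", "-rf", "../another_webapp"], ["ls", "link"]):
            try:
                check_argv(app, argv)
                results[" ".join(argv)] = "allowed"
            except PathEscape:
                results[" ".join(argv)] = "blocked"
        return results
```

`demo()` returns `allowed` only for `ls ./`; the absolute path, the `..` traversal and the symlink into the neighbouring app are all reported as `blocked`.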
