How to make web based python interactive shell

Published 2020-07-18 09:50

Question:

How do sites like https://www.pythonanywhere.com/try-ipython/ work?

They probably do several exec commands, or interfacing with ipython.

However, this can be extremely insecure if they didn't do any "preventive action" (which they did). A mere (and evil) user can do something like

import shutil, os

and do something bad.

How is a web-based Python interactive shell technically possible? And how could one ensure that the interactive shell doesn't do anything bad to the provider?

Answer 1:

PythonAnywhere dev here. We use a combination of a filesystem jail, low-privilege accounts, ulimit restrictions, and cgroups to sandbox people. Plus some complicated iptables routing.

We're likely to move on to LXC or Docker in the future -- we chose the specific combination that we use now based on what was ready for production when we released the first version of our system back in 2012, and if we were starting from scratch today we'd do it differently.

That's not to say that our current system is bad -- it works really well. But it does mean that it involves a lot of code that we could strip out if we used the stuff that's available now, and simpler code is obviously better :-)

[edit] I should also add that you might find this talk I did at EuroPython interesting. It doesn't touch on the security aspects of how the shell works, but it is relevant to the subject of your question (how to make a web-based Python interactive shell) because it covers a bunch of the stuff required for running a shell in a browser and connecting it to a Python process running on a server.



Answer 2:

There are various sandbox/isolation technologies available in the OS including things like filesystem jails, read-only filesystems, low ulimit restrictions, low-privilege user accounts, LXC containers, SELinux limitations, Docker containers, full-on VMs, VMs that reboot to an immutable image state, etc. No idea specifically what PythonAnywhere is employing, though.
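
The "ulimit restrictions" layer that both answers mention, as an added example (not PythonAnywhere's code and not part of either answer): a parent process runs one untrusted snippet in a child interpreter with per-process resource caps, a throwaway working directory and a scrubbed environment. The name `run_untrusted` and all limit values are assumptions chosen for illustration; it is Linux/POSIX only, and the other layers (filesystem jail, low-privilege account, cgroups, network rules) are not shown and would still be needed.

```python
import resource
import subprocess
import sys
import tempfile

# Illustrative caps (assumed values), the same knobs `ulimit` sets in a shell.
LIMITS = {
    resource.RLIMIT_CPU: 1,               # seconds of CPU time
    resource.RLIMIT_AS: 512 * 1024**2,    # bytes of address space
    resource.RLIMIT_FSIZE: 1024**2,       # largest file the child may write
    resource.RLIMIT_NOFILE: 32,           # open file descriptors
    resource.RLIMIT_CORE: 0,              # no core dumps
}

def _apply_limits():
    # Runs in the child between fork() and exec(); never raises a hard limit.
    for res, want in LIMITS.items():
        _, hard = resource.getrlimit(res)
        cap = want if hard == resource.RLIM_INFINITY else min(want, hard)
        resource.setrlimit(res, (cap, cap))

def run_untrusted(code, wall_timeout=10):
    """Return (returncode, stdout, stderr); returncode is None on wall-clock timeout."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            proc = subprocess.run(
                [sys.executable, "-I", "-c", code],  # -I: isolated mode
                cwd=scratch,                         # throwaway working directory
                env={"PATH": "/usr/bin:/bin"},       # parent's environment is not inherited
                stdin=subprocess.DEVNULL,
                capture_output=True,
                text=True,
                timeout=wall_timeout,                # catches sleepers that use no CPU
                preexec_fn=_apply_limits,
            )
        except subprocess.TimeoutExpired:
            return None, "", "wall-clock timeout"
        return proc.returncode, proc.stdout, proc.stderr

if __name__ == "__main__":
    print(run_untrusted("print(2 + 2)"))
    print(run_untrusted("while True: pass"))  # killed by the CPU cap
    print(run_untrusted("open('big', 'wb').write(b'x' * (2 * 1024**2))"))
```

Resource limits only bound what one process can consume; the snippet from the question (`import shutil, os`) still runs with whatever filesystem access the child's account has, which is why the answers pair limits with a jail and a low-privilege user.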