I’m writing a web server based on Python which should be able to execute “plugins” so that functionality can be easily extended.
For this I considered the approach to have a number of folders (one for each plugin) and a number of shell/python scripts in there named after predefined names for different events that can occur.
One example is to have an on_pdf_uploaded.py file which is executed when a PDF is uploaded to the server. To do this I would use Python’s subprocess tools.
For convenience and security, this would allow me to use Unix environment variables to provide further information and set the working directory (cwd) of the process so that it can access the right files without having to find their location.
Since the plugin code is coming from an untrusted source, I want to make it as secure as possible. My idea was to execute the code in a subprocess, but put it into a chroot jail with a different user, so that it can’t access any other resources on the server.
Unfortunately I couldn’t find anything about this, and I wouldn’t want to rely on the untrusted script to put itself into a jail.
Furthermore, I can’t put the main/calling process into a chroot jail either, since plugin code might be executed in multiple processes at the same time while the server is answering other requests.
So here’s the question: How can I execute subprocesses/scripts in a chroot jail with minimum privileges to protect the rest of the server from being damaged by faulty, untrusted code?
Thank you!
After creating your jail you would call
os.chrootfrom your Python source to go into it. But even then, any shared libraries or module files already opened by the interpreter would still be open, and I have no idea what the consequences of closing those files viaos.closewould be; I’ve never tried it.Even if this works, setting up chroot is a big deal so be sure the benefit is worth the price. In the worst case you would have to ensure that the entire Python runtime with all modules you intend to use, as well as all dependent programs and shared libraries and other files from
/bin,/libetc. are available within each jailed filesystem. And of course, doing this won’t protect other types of resources, i.e. network destinations, database.An alternative could be to read in the untrusted code as a string and then
exec code in mynamespacewheremynamespaceis a dictionary defining only the symbols you want to expose to the untrusted code. This would be sort of a “jail” within the Python VM. You might have to parse the source first looking for things likeimportstatements, unless replacing the built-in__import__function would intercept that (I’m unsure).