Controlling Access to Resources Within The Python Interpreter

Version 2.5 of the Python programming language contains no mechanism for restricting access to resources by Python code. This is a slight hindrance to the language as it is used in many situations, such as a domain-specific language in other applications, where some mechanism to control what resources Python code can access would be helpful. Python did once have a security mechanism for restricting resource access, but it was disabled in version 2.3. The disabling of the security mechanism was driven by a lack of security expertise on the part of the Python development team. This means that any introduced security mechanism should, if possible, not require language support so as to prevent the need to turn off any new security mechanism in the future. This paper presents a security mechanism whose impact upon the Python language is minimal. By removing four function or methods from Python’s built-in namespace and utilizing Python’s modularity in terms of its connection with its underlying interpreter, the proposed security mechanism has minimal impact upon the language. The mechanism allows for controlling access to resources within a single Python interpreter. This allows Python to have some form of a security mechanism between Python code and the system it is running on.