
Re: [pygame] Python bots in Galcon (or your game!) safe_eval



Hi,

One further step you could take would be running the bots as separate
processes with lower OS-level privileges, or in a sandbox.

So with Unix you could then use ulimit to limit files opened, memory
used, etc.  Type ulimit -a to see a list of things you can change.

The process would need some way to talk; however, since you are already
using networking to communicate, this should be easy.

This would help reduce the chance of denial of service attacks through
CPU use and memory use.

Chroots (Unix) and jails (*BSD) would be possible... but maybe a little
bit too much effort.  I'm not sure what facilities are available on
Windows... but I'm sure there is something you can do to limit what a
process can do.


Cheers,



On 3/8/07, Phil Hassey <philhassey@xxxxxxxxx> wrote:
Hey,

I spent some time today working on building a safe_eval function that would
make it "safe" to run user submitted bots in games (Galcon, being that game
;)

http://www.imitationpickles.org/tmp/safe.py

The file includes links to a number of references on the topic, and why
this likely won't work.  Anyway - I know a lot of you wanted to make bots
for Galcon, so that's why I'm trying to put this together.  So if anyone can
find security holes in my implementation, it would be a huge help - the more
I find and get patched the more likely I am to actually release Galcon with
the ability for bot plugins.

The known limitations at the top are things that I don't really want to fix
- they are just limitations.  :)  I'm mainly interested in limiting what a
bot can access (say other parts of the game code) and keeping them from
using builtins like files, etc.

The two things I do in this script are:
- Step through the AST tree and reject scripts that use any non-whitelisted
node types.  A lot of python features are dropped, but enough are kept for
building decent bots (the main bot from Galcon is "ok" as far as safe.py is
concerned.)  I pretty much reject anything that falls into the magic
category - generators, imports, execs, exceptions, etc...
- Replace non-whitelisted builtins with a function that raises an exception
"you used a bad builtin!", runs "exec code in context" and then restores all
the builtins.

Anyway, feel free to poke around the code.  I think a working safe_eval
would be a huge asset for games developed in python that want to have user
submitted mods / bots.

Thanks!
Phil
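The reply's suggestion of running each bot as a separate, ulimit-capped process that talks to the game over a pipe, as an added example (not code from this thread or from Galcon): the cap values and the JSON-over-stdin/stdout protocol are assumptions chosen for the demo, and it relies on the Unix-only `resource` module.

```python
import json
import resource
import signal
import subprocess
import sys

# Caps applied inside the child just before exec(); these are the same knobs
# `ulimit` exposes from a shell. The values are assumptions for this demo.
MEM_BYTES = 512 * 1024 * 1024   # address space (ulimit -v)
CPU_SECONDS = 2                 # CPU time, not wall clock (ulimit -t)
MAX_OPEN_FILES = 64             # file descriptors (ulimit -n)
WALL_SECONDS = 10               # host-side backstop for a bot that just sleeps


def _apply_limits():
    """Runs in the child between fork() and exec(). Soft == hard for memory
    and files; for CPU the soft limit delivers SIGXCPU and the hard limit,
    one second later, is the kernel's SIGKILL backstop."""
    resource.setrlimit(resource.RLIMIT_AS, (MEM_BYTES, MEM_BYTES))
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS + 1))
    resource.setrlimit(resource.RLIMIT_NOFILE, (MAX_OPEN_FILES, MAX_OPEN_FILES))


def run_bot(bot_source, game_state):
    """Run untrusted bot code in a fresh interpreter under the caps above.

    The game state goes in on stdin as JSON and the bot's move comes back on
    stdout, so the bot never shares an address space with the game.
    Returns (status, move); status is one of 'ok', 'crashed', 'cpu_limit',
    'timeout', 'bad_output'.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", bot_source],  # -I: isolated mode
            input=json.dumps(game_state).encode(),
            capture_output=True,
            preexec_fn=_apply_limits,
            timeout=WALL_SECONDS,
        )
    except subprocess.TimeoutExpired:
        return "timeout", None
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        return "cpu_limit", None
    if proc.returncode != 0:          # e.g. MemoryError once RLIMIT_AS bites
        return "crashed", None
    try:
        return "ok", json.loads(proc.stdout)
    except ValueError:
        return "bad_output", None
```

A bot that exceeds the CPU cap is killed by the kernel rather than by the game loop, and one that exhausts the address-space cap gets a MemoryError in its own process instead of in Galcon's.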

