Jim,

 

Thanks for your reply.  I suspect the concern is more for any standard options that would immediately open up some level of access to the Python interpreter.  I would assume that we'd be able to code up a server, of course, but we're more concerned about any built-in servers that could easily be brought online.

 

Thanks for your response.

 

 

Ulises Melendez

ulises_melendez <at> securecomputing.com

954.375.3667

From: james.edward.baker <at> gmail.com [mailto:james.edward.baker <at> gmail.com] On Behalf Of Jim Baker
Sent: Thursday, August 14, 2008 7:09 PM
To: Melendez,Ulises
Cc: Philip Jenvey; jython-users <at> lists.sourceforge.net

Subject: Re: [Jython-users] Does the jython interpreter open up any ports?

 

Well, if you are talking about command line options, do recognize that Jython allows you to run arbitrary Python code. The new -m option in 2.5 lets that go even further - that would be a command line option. We also allow Jython to connect to remote debuggers, since also with 2.5 we pass through any -J flags directly to Java (http://java.sun.com/j2se/1.5.0/docs/guide/jpda/conninv.html#Invocation). Note that 2.5 just simplifies some setup that one can do otherwise by creating an appropriate wrapper script.

 

And Jython can fully use sockets, or other Java resources. We even support the Python socket API with that. However, that's no different than other Java code. 

 

The key thing to know is that just like any other Java code, you can lock all of this down by denying Jython the ability to use sockets, just by not granting java.net.SocketPermission, or modifying it as desired. That's just standard Java. Unfortunately the configuration specifics will depend on how you run that VM. Check out http://java.sun.com/j2se/1.5.0/docs/guide/security/index.html as one particularly relevant example for most usage of Java from the command line; look at your specific container or setup for others.

 

On Thu, Aug 14, 2008 at 4:34 PM, Melendez,Ulises <Ulises_Melendez <at> securecomputing.com> wrote:

Thanks for the reply, Philip.

To follow up, does Jython have any configuration options that WOULD cause it
to open up any ports?  As a hypothetical, there might be some debug switch
that would allow a remote debugger to connect directly to the Jython
interpreter.  Is there anything along those lines that we could, for safety,
explicitly disable?

Thanks again,


Ulises Melendez

-----Original Message-----
From: Philip Jenvey [mailto:pjenvey <at> underboss.org]
Sent: Thursday, August 14, 2008 6:27 PM
To: Melendez,Ulises
Cc: jython-users <at> lists.sourceforge.net
Subject: Re: [Jython-users] Does the jython interpreter open up any ports?


On Aug 14, 2008, at 2:07 PM, Melendez,Ulises wrote:

> I'm trying to get approval for including Jython in our production
> environment, and one of the questions I'm being asked is whether the
> Jython interpreter that's instantiated when embedding Jython in Java
> opens up any ports or is in any way accessible from outside the Java
> VM.  Can someone please confirm that the interpreter is not
> available outside the VM, and, specifically, that it does NOT listen
> on any ports?

Jython doesn't open any sockets unless you ask it to.

The lsof command on UNIX can show every open file (including sockets)
for a particular process if you don't believe us. =]

--
Philip Jenvey



-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Jython-users mailing list
Jython-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jython-users

--
Jim Baker
jbaker <at> zyasoft.com