Prevent python subprocess.Popen() from starting another processes

Asked Jun 04 '21 at 20:07

Active Jun 04 '21 at 20:07

Viewed 133 times

I have python code that starts new process with code:

process = subprocess.Popen(["python3", "solution.py"])

But code in solution.py can contain opening new processes:

import os
while True: os.fork()

How do I deny permission of subprocess to start new processes?

asked Jun 04 '21 at 20:07

Are these subprocesses you're running from an untrusted source? If they are written by people that you trust to not fork infinite processes then I would think that you wouldn't need to deny permission, and if they are from an untrusted source then I would recommend against running the code at all, even with process creation permissions removed. – Oli Jun 04 '21 at 20:13
1

iirc, there's no OS level permission to restrict a process for creating sub-processes. That leaves possibly setting an env for the Popen which has key things stripped out of it, but [sandboxing python by controlling the env is notoriously hard](https://stackoverflow.com/questions/3068139/how-can-i-sandbox-python-in-pure-python). – Aaron Jun 04 '21 at 23:24

0 Answers0