Virtual Environments for Safety

Discussion in 'Linux Security' started by Eric Hansen, Jul 8, 2014.

  1. Eric Hansen

    Eric Hansen Moderator Staff Writer

    While this might sound more like a programming article, it is also very useful to sysadmins and security lovers as well. Virtual environments for programming languages can be thought of a lot like a virtual machine, just it doesn’t use all the resources a VM does. To better explain this, we’ll look at some from various languages.

    Python
    The biggest player with this language has been virtualenv until Python 3 came with virtual environment support built in.


    virtualenv works by creating a new directory for each environment in a specified folder, along with some hook files that you can use to run other programs and such. It symlinks a localized version of Python to /usr/bin/python and in the environment folder it stores all the packages you install via pip.


    The biggest gain this provides for everyone is that it separates different versions of libraries. So if your main Python environment has version a.b.c of some_package, and you need to use version x.y.z of some_package, you can easily install it via pip (pip install some_package==x.y.z) and not have to worry about conflicting with your system’s packages.

    PHP
    I’ve been using PHP since either PHP3 or PHP4 was out (~2000). One thing it has always been missing (until recently) is a virtual environment set up. Thankfully the need has finally been answered via virtPHP.


    While I haven’t tried it (I don’t use PHP for CLI purposes much anymore, and rarely used PEAR), it does look very promising, and is intended to be to PHP what virtualenv is to Python.


    It's still in the early stages, but PHP is another one of those languages where too many packages can become a burden, especially when backwards compatibility isn’t taken into account by their developers.


    The GitHub page provides more on how to actually use it, at least on my laptop. But by the looks of the examples and guide, it's as much of a drop-in replacement as you can get when crossing from Python to PHP, which will also help the people switching from PHP to Python.

    Ruby
    All personal opinions aside (I do not like Ruby), it seems like Ruby Version Manager (RVM), Ruby’s virtual environment system, is the granddaddy of the set up.



    As such, I have little to actually say, but it is simple enough to install and the commands are simpler to follow than virtualenv. For example, you can get a list of known Ruby versions via RVM by typing “rvm list known”.


    This is one where I’ve seen a lot of people basically demand you use a virtual environment. Ruby is one of those languages where it can either play very nicely, or very mean, depending on how organized you are.

    JavaScript
    Truthfully, Python and JavaScript are the two reasons I originally wanted to write this.


    For a very, very long time I used to hate JavaScript. While even now I’m not the biggest fan of it, I’ve learned to appreciate it more since things such as jQuery, Node.js and CoffeeScript have come around. They don’t really add anything to JavaScript, they just make it more usable for someone who doesn’t like coding C++ in a scripting language.


    Which, this also brings me to my next point, there are so many different “helpers” to JavaScript, so I’m not going to attempt to cover them all, just Node.js. Again, I’m not a professional at the language, so I can’t dive into the inner workings, but NPM (Node.js Package Manager) is probably one of the most helpful tools I’ve run into with JavaScript.


    While NPM itself is not a virtual environment, CoffeeScript (which depends on Node.js and NPM) makes it doable. When you create a new project in CoffeeScript (which is really nothing more than running “coffee” on some .cs file), it will create a node_modules folder, which stores all the packages installed via NPM in it.

    Conclusion
    There are a lot of languages that are out there, some with and some without support for virtual environments. For example, I’m not aware of any C/C++ virtual environment solution short of creating a VM or buying a new Raspberry Pi for each project. I’ve also only touched on the languages I normally use, and left out any possibly vague option for Assembly, Perl, etc…


    Using virtual environments does add an additional layer of security, especially when you have to use beta code due to a missing feature in a stable release. There’s also a major separation between environments and system, but don’t think that it's completely untouchable. Just like LXC and OpenVZ, anything on the host can touch the host if permissions are set right. If you’re looking for something completely segregated from the host, look into using a virtual machine of some sort.
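
Added example, not part of the original post: a check of what a Python virtual environment does and does not separate, using the standard-library venv module on a POSIX host. The names probe_venv and summarize and the sample file are constructed for this illustration.

```python
import json
import os
import subprocess
import tempfile
import venv
from pathlib import Path

# Probe run by the environment's own interpreter; it reports what it can see.
PROBE = """
import json, os, sys
print(json.dumps({
    "in_venv": sys.prefix != sys.base_prefix,
    "sys_path": sys.path,
    "uid": os.getuid(),
    "host_file": open(sys.argv[1]).read(),
}))
"""
SECRET = "constructed-sample-secret"  # stand-in for any file the user can read

def probe_venv(workdir):
    """Create a venv under workdir, run PROBE with its interpreter, return findings."""
    workdir = Path(workdir)
    env_dir = workdir / "env"
    # with_pip=False keeps this offline; no system site-packages (the default).
    venv.create(env_dir, with_pip=False, symlinks=True, system_site_packages=False)
    host_file = workdir / "outside_env.txt"   # lives outside the environment
    host_file.write_text(SECRET)
    # PYTHONPATH is dropped because it is honoured even inside a venv.
    clean_env = {k: v for k, v in os.environ.items() if k != "PYTHONPATH"}
    out = subprocess.run([str(env_dir / "bin" / "python"), "-c", PROBE, str(host_file)],
                         capture_output=True, text=True, check=True, env=clean_env)
    report = json.loads(out.stdout)
    report["env_dir"] = os.path.realpath(env_dir)
    return report

def summarize(report):
    """Separate what the venv isolates (packages) from what it does not (the OS)."""
    site_dirs = [p for p in report["sys_path"] if p.endswith("site-packages")]
    return {
        "packages_isolated": report["in_venv"] and all(
            os.path.realpath(p).startswith(report["env_dir"]) for p in site_dirs),
        "same_os_user": report["uid"] == os.getuid(),
        "can_read_host_file": report["host_file"] == SECRET,
    }

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(summarize(probe_venv(tmp)))
```

All three values come back true: the package path is private to the environment, while the process keeps the invoking user's identity and file access.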


  2. ryanvade

    ryanvade Administrator Staff Member Staff Writer

    I have been meaning to look into virtualENV for python 2. I use python accelerate for parallel applications and when it is installed the system Python always gets screwed up which messes up applications.
  3. Eric Hansen

    Eric Hansen Moderator Staff Writer

    I didn't know about that, but now I don't know if I want to try it, lol.
