[Python-Dev] new security doc using object-capabilities
Nick Maclaren nmm1 at cus.cam.ac.uk
Thu Jul 20 13:10:13 CEST 2006
- Previous message: [Python-Dev] Strategy for converting the decimal module to C
- Next message: [Python-Dev] new security doc using object-capabilities
"Giovanni Bajo" <rasky at develer.com> wrote:
> This recipe for safeeval: http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/496746 which is otherwise very cute, does not handle this case as well: it tries to catch and interrupt long-running operations through a secondary thread, but fails on a single long operation because the GIL is not released and the alarm thread does not get its chance to run.
Grin :-)
You have put your finger on the Great Myth of such virtualisations, which applies to the system-level ones and even to the hardware-level ones. In practice, there is always some request that a sandbox can make to the hypervisor that can lock out or otherwise affect other sandboxes.
The key is, of course, to admit that and to specify what is and is not properly virtualised, so that the consequences can at least be analysed.
Regards,
Nick Maclaren,
University of Cambridge Computing Service,
New Museums Site, Pembroke Street, Cambridge CB2 3QH, England.
Email: nmm1 at cam.ac.uk
Tel.: +44 1223 334761 Fax: +44 1223 334679
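An added example, not part of the original message or of the cited recipe: the deadline is enforced from outside the interpreter, by killing a child process and capping its CPU time in the kernel, so it does not depend on a watchdog thread getting the GIL. The names `eval_with_deadline`, `CHILD`, `SLOW_EXPR` and the 5-second CPU cap are assumptions made for this sketch.

```python
import os
import subprocess
import sys

CPU_SECONDS = 5  # assumed cap, chosen for this example

# Child program: evaluates argv[1] and prints the result. Emptying
# __builtins__ is NOT a containment boundary; only time is bounded here.
CHILD = "import sys; print(eval(sys.argv[1], {'__builtins__': {}}))"

# Constructed input: one big-integer power, i.e. a single long C-level
# operation during which no other thread of the same interpreter runs.
SLOW_EXPR = "9 ** 9 ** 9"


def _cap_cpu():
    # POSIX only: kernel-enforced CPU cap that holds even if the parent hangs.
    import resource
    _, hard = resource.getrlimit(resource.RLIMIT_CPU)
    want = CPU_SECONDS
    if hard != resource.RLIM_INFINITY:
        want = min(CPU_SECONDS, hard)
    resource.setrlimit(resource.RLIMIT_CPU, (want, hard))


def eval_with_deadline(expr, seconds):
    """Return (status, value); status is 'ok', 'error' or 'timeout'."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", CHILD, expr],
            capture_output=True,
            text=True,
            timeout=seconds,
            preexec_fn=_cap_cpu if os.name == "posix" else None,
        )
    except subprocess.TimeoutExpired:
        # subprocess.run() has already killed and reaped the child.
        return ("timeout", None)
    if proc.returncode != 0:
        return ("error", proc.returncode)
    return ("ok", proc.stdout.strip())


if __name__ == "__main__":
    print(eval_with_deadline("2 + 3", 30))
    print(eval_with_deadline(SLOW_EXPR, 1.0))
```

What this bounds is wall-clock and CPU time of the evaluation; memory, file access and everything else reachable from the child remain outside what the sketch claims to virtualise.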