[Python-Dev] Some news from my sandbox project

Victor Stinner victor.stinner at haypocalc.com
Sat Sep 18 01:27:28 CEST 2010


Hi,

I'm still developing my sandbox project irregularly since last June. pysandbox is a sandbox to execute untrusted Python code. It is able to execute unmodified Python code with a low overhead. I consider it stable and secure. http://github.com/haypo/pysandbox/

Today, the biggest problem is the creation of a read-only view of the builtins dictionary. I tried to create my own object with the dict API, but I quickly got a segfault. I realized that ceval.c is hardcoded to use PyDict functions on builtins (LOAD_GLOBAL instruction). So I created a subclass of dict and replaced the modifying functions (__setitem__, update, clear, ...).

I would like to know if you will agree to modify ceval.c (and maybe some other functions) to support builtins of another type than dict. I mean add a fast check (PyDict_CheckExact) on the type. If you agree, I can file an issue with a patch.

The two last vulnerabilities came from this problem: it was possible to use dict methods on builtins, e.g. dict.update(builtins, {...}) and dict.__init__(builtins, {...}). Because of that, pysandbox removes all dict methods able to modify a dict. And so "d={...}; d.update(...)" raises an error (d has no update attribute) :-/


If you would like to test pysandbox, just join the ##fschfsch channel of the Freenode IRC server and talk to fschfsch. It's an IRC bot using pysandbox to evaluate Python expressions. It is also on the #python-fr and #python channels, but please use ##fschfsch for tests. http://github.com/haypo/pysandbox/wiki/fschfsch

Or you can run pysandbox on your computer. Download the last git version (GitHub provides tarballs if you don't have the git program), install it and run: python interpreter.py. You have to compile _sandbox, a C module required to modify some Python internals.

The last git version is compatible with Python 2.5, 2.6 and 2.7. It works on 3.1 and 3.2 after a conversion with 2to3 and a small hack on sandbox/proxy.py: replace "elif isinstance(value, OBJECT_TYPES):" by "else:" (and remove the existing else statement). I'm not sure that this hack is safe, so I haven't committed it yet.

-- Victor Stinner http://www.haypocalc.com/
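The read-only-builtins problem described in the post, as an added example that is not pysandbox's code and not part of the original message. It models the approach the post describes (a dict subclass with the mutating methods replaced) and reproduces the weakness the post reports: calling the unbound C method, `dict.update(builtins, ...)`, skips the Python-level overrides, so the subclass alone does not make builtins read-only. The same untrusted snippets are then run with the builtins namespace held in a `types.MappingProxyType`, which is not a dict, so the unbound method refuses it. The `ReadOnlyBuiltins` class, the `SAFE_BUILTINS` namespace and the three untrusted snippets are constructed for this example; the proxy variant assumes a CPython that accepts a non-dict mapping as `__builtins__` (3.3 and later), which is what the post asks for.

```python
"""Read-only builtins: why a dict subclass is bypassable and what a non-dict view buys.

Added example, not pysandbox's own code.  ReadOnlyBuiltins follows the
approach in the post (subclass dict, replace the mutating methods); the
bypass is the one the post names (dict.update on the builtins object).
The MappingProxyType variant assumes CPython 3.3+, where LOAD_GLOBAL and
LOAD_NAME fall back to PyObject_GetItem when builtins is not an exact dict.
"""
from types import MappingProxyType


class ReadOnlyBuiltins(dict):
    """dict subclass with the mutating methods replaced (the post's approach)."""

    def _readonly(self, *args, **kwargs):
        raise TypeError("builtins is read-only")

    # Every Python-level route to mutation is cut off ...
    __setitem__ = __delitem__ = __ior__ = _readonly
    update = clear = pop = popitem = setdefault = _readonly
    # ... but dict.update(instance, ...) is the C implementation and never
    # consults these overrides, because the instance *is* a dict.


# Constructed minimal builtins namespace: only what the snippets below need.
SAFE_BUILTINS = {"len": len, "dict": dict, "TypeError": TypeError}

# Constructed untrusted snippets.  Each leaves its outcome in the name "result".
# The lambda forces a LOAD_GLOBAL lookup of "len", the instruction the post names.
CODE_USES_BUILTIN = "result = (lambda: len([1, 2, 3]))()"
CODE_SUBSCRIPT_WRITE = "__builtins__['injected'] = 1; result = 'written'"
CODE_UNBOUND_UPDATE = "dict.update(__builtins__, {'injected': 1}); result = 'written'"


def run_untrusted(code, builtins_ns):
    """exec `code` with `builtins_ns` as its only builtins.

    Returns ("ok", value_of_result) or ("TypeError", message).
    """
    ns = {"__builtins__": builtins_ns}
    try:
        exec(code, ns)
    except TypeError as exc:
        return ("TypeError", str(exc))
    return ("ok", ns.get("result"))


def probe(make_builtins):
    """Run the three snippets, each against a fresh builtins object.

    Returns {snippet_name: (outcome, builtins_was_mutated)}; a True second
    element means the untrusted code managed to add a key to builtins.
    """
    report = {}
    for name, code in (("use", CODE_USES_BUILTIN),
                       ("subscript", CODE_SUBSCRIPT_WRITE),
                       ("unbound", CODE_UNBOUND_UPDATE)):
        builtins_ns = make_builtins()
        outcome, _ = run_untrusted(code, builtins_ns)
        report[name] = (outcome, "injected" in builtins_ns)
    return report


def subclass_report():
    """The post's approach: subscript write is refused, unbound update gets through."""
    return probe(lambda: ReadOnlyBuiltins(SAFE_BUILTINS))


def proxy_report():
    """Non-dict view: both writes are refused, normal lookups still work."""
    return probe(lambda: MappingProxyType(dict(SAFE_BUILTINS)))


if __name__ == "__main__":
    for label, report in (("dict subclass", subclass_report()),
                          ("mappingproxy", proxy_report())):
        print(label)
        for name, (outcome, mutated) in report.items():
            print(f"  {name:10s} outcome={outcome:10s} builtins mutated={mutated}")
```

The subclass report shows the post's two bugs in one line: `unbound` ends with `("ok", True)`, the builtins gained a key even though every Python-level mutator raises. Removing `update` and friends from the `dict` type, as the post says pysandbox does, closes that route at the cost of breaking `d.update(...)` for ordinary dicts; a non-dict builtins object closes it without touching `dict`, which is why the post asks ceval.c to stop assuming an exact dict. A mapping proxy only addresses this one mutation path and is not a sandbox by itself.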


