[Python-Dev] Sandboxing Python
Armin Rigo arigo at tunes.org
Sun Mar 4 18:10:19 CET 2012
Hi all,
On Sun, Mar 4, 2012 at 03:51, Guido van Rossum <guido at python.org> wrote:
> Could we put asserts in the places where segfaults may happen?
No. I checked Lib/test/crashers/*.py and none of them would be safe with just a failing assert. If they were, we'd have written the assert long ago :-( "mutation_inside_cyclegc.py" is not tied to a particular place in the source; "loosing_mro_ref.py" requires an extra INCREF/DECREF in a performance-critical path; etc.
Changing CPython to make it truly secure is definitely either a lost cause or a real major effort, and pysandbox just gives another such example. My advice is to give up and move security to some other level.
(Or else, if you want to play this game, there is PyPy's sandboxing, which is just an unpolished proof of concept so far. I can challenge anyone to attack it, and this time it includes attempts to consume too much time or memory, to crash the process in any other way than a clean "fatal error!" message, and more generally to exploit issues that are dismissed by pysandbox as irrelevant.)
See you soon,
Armin.