[Python-Dev] Sandboxing Python (original) (raw)

Serhiy Storchaka storchaka at gmail.com
Mon Mar 5 23:26:05 CET 2012

• Previous message: [Python-Dev] Sandboxing Python
• Next message: [Python-Dev] [Python-checkins] cpython: Fix a comment: PySequence_Fast() creates a list, not a tuple.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

05.03.12 23:16, Victor Stinner написав(ла):

Apply the timeout would require to modify the sum() function.

sum() is just one, simple, example. Any C code could potentially run long enough. Another example is the recently discussed hashtable vulnerability:

class badhash: hash = int(42).hash set([badhash() for _ in range(100000)])

A more generic solution would be to use a subprocess.

Yes, it's the only way to secure implement the sandbox.

• Previous message: [Python-Dev] Sandboxing Python
• Next message: [Python-Dev] [Python-checkins] cpython: Fix a comment: PySequence_Fast() creates a list, not a tuple.
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list