[Python-Dev] The pysandbox project is broken (original) (raw)
Victor Stinner victor.stinner at gmail.com
Fri Nov 15 18:34:20 CET 2013
- Previous message: [Python-Dev] The pysandbox project is broken
- Next message: [Python-Dev] The pysandbox project is broken
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
2013/11/15 Trent Nelson <trent at snakebite.org>:
This sounds a lot like the work I initially did with PyParallel to try and intercept/prevent parallel threads mutating main-thread objects.
I ended up arriving at a much better solution by just relying on memory protection; main thread pages are set read-only prior to parallel threads being able to run. If a parallel thread attempts to mutate a main thread object; a SEH is raised (SIGSEV on POSIX), which I catch in the ceval loop and convert into an exception.
Read-only is not enough, an attack must not be able to read sensitive data.
Protections of memory pages sound very low-level, so not very portable :-/
How do you know fif SIGSEGV comes from a legal call (parallel thread thing) or a real bug?
Victor
- Previous message: [Python-Dev] The pysandbox project is broken
- Next message: [Python-Dev] The pysandbox project is broken
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]