[Python-Dev] The pysandbox project is broken (original) (raw)

Maciej Fijalkowski fijall at gmail.com
Sat Nov 16 11:53:22 CET 2013

On Fri, Nov 15, 2013 at 6:56 PM, Trent Nelson <trent at snakebite.org> wrote:

On Tue, Nov 12, 2013 at 01:16:55PM -0800, Victor Stinner wrote:

pysandbox cannot be used in practice ====================================

To protect the untrusted namespace, pysandbox installs a lot of different protections. Because of all these protections, it becomes hard to write Python code. Basic features like "del dict[key]" are denied. Passing an object to a sandbox is not possible to sandbox, pysandbox is unable to proxify arbitary objects. For something more complex than evaluating "1+(2*3)", pysandbox cannot be used in practice, because of all these protections. Individual protections cannot be disabled, all protections are required to get a secure sandbox. This sounds a lot like the work I initially did with PyParallel to try and intercept/prevent parallel threads mutating main-thread objects. I ended up arriving at a much better solution by just relying on memory protection; main thread pages are set read-only prior to parallel threads being able to run. If a parallel thread attempts to mutate a main thread object; a SEH is raised (SIGSEV on POSIX), which I catch in the ceval loop and convert into an exception. See slide 138 of this: https://speakerdeck.com/trent/pyparallel-how-we-removed-the-gil-and-exploited-all-cores-1 I'm wondering if this sort of an approach (which worked surprisingly well) could be leveraged to also provide a sandbox environment? The goals are the same: robust protection against mutation of memory allocated outside of the sandbox. (I'm purely talking about memory mutation; haven't thought about how that could be extended to prevent file system interaction as well.) Trent.

Python-Dev mailing list Python-Dev at python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/fijall%40gmail.com

Trent, you should read the mail more carefully. Notably the same issues that make it impossible to create a sandbox make it impossible to create pyparaller really work. Being read-only is absolutely not enough - you can read some internal structures in inconsistent state that lead to crashes and/or very unexpected behavior even without modifying anything.

PS. We really did a lot of work analyzing how STM-pypy can lead to conflicts and/or inconsistent behavior.

Cheers, fijal

More information about the Python-Dev mailing list