[Python-Dev] Reviving restricted mode?

Victor Stinner victor.stinner at gmail.com
Wed Aug 13 23:25:43 CEST 2014


Hi,

I heard that the PyPy sandbox cannot be used out of the box. You have to write a policy to allow syscalls. The complexity is moved to this policy, which is very hard to write, especially if you only use whitelists.

Correct me if I'm wrong. To be honest, I have never taken a look at this sandbox.

Victor

On Wednesday, 13 August 2014, Steven D'Aprano <steve at pearwood.info> wrote:

On Thu, Aug 14, 2014 at 02:26:29AM +1000, Chris Angelico wrote:
> On Wed, Aug 13, 2014 at 11:11 PM, Isaac Morland <ijmorlan at uwaterloo.ca> wrote:
> > While I would not claim a Python sandbox is utterly impossible, I'm
> > suspicious that the whole "consenting adults" approach in Python is
> > incompatible with a sandbox. The whole idea of a sandbox is to absolutely
> > prevent people from doing things even if they really want to and know what
> > they are doing.

The point of a sandbox is that I, the consenting adult writing the application in the first place, may want to allow untrusted others to call Python code without giving them control of the entire application. The consenting adults rule applies to me, the application writer, not them, the end-users, even if they happen to be writing Python code. If they want unrestricted access to the Python interpreter, they can run their code on their own machine, not mine.

> It's certainly not fundamentally impossible to sandbox Python.
> However, the question becomes one of how much effort you're going to
> go to and how much you're going to restrict the code.

I believe that PyPy has an effective sandbox, but to what degree of effectiveness I don't know.

http://pypy.readthedocs.org/en/latest/sandbox.html

I've had rogue Javascript crash my browser or make my entire computer effectively unusable often enough that I am skeptical about claims that Javascript in the browser is effectively sandboxed, so I'm doubly cautious about Python.

--
Steven

