[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited) (original) (raw)
Victor Stinner victor.stinner at gmail.com
Sat Apr 9 08:43:19 EDT 2016
- Previous message (by thread): [Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)
- Next message (by thread): [Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Please don't loose time trying yet another sandbox inside CPython. It's just a waste of time. It's broken by design.
Please read my email about my attempt (pysandbox): https://lwn.net/Articles/574323/
And the LWN article: https://lwn.net/Articles/574215/
There are a lot of safe ways to run CPython inside a sandbox (and not rhe opposite).
I started as you, add more and more things to a blacklist, but it doesn't work.
See pysandbox test suite for a lot of ways to escape a sandbox. CPython has a list of know code to crash CPython (I don't recall the dieectory in sources), even with the latest version of CPython.
Victor -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mail.python.org/pipermail/python-dev/attachments/20160409/1e372d1f/attachment.html>
- Previous message (by thread): [Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)
- Next message (by thread): [Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]