[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)
Jon Ribbens jon+python-dev at unequivocal.co.uk
Mon Apr 11 12:53:54 EDT 2016
On Mon, Apr 11, 2016 at 04:04:21PM +0100, Paul Moore wrote:
> However, it's not at all clear (to me at least) what you are trying to do.

I'm trying to see to what extent we can use ast node inspection to remedy the failures of prior attempts at Python sandboxing. Is there any extent to which Python can be sandboxed, or is even trying to use it as a calculator function unfixably insecure?

> You're limiting the subset of Python that people can use, understood. And you're trying to ensure that people can't do "bad things". Again, understood. But what subset are you actually allowing, and what things are you trying to protect against? (For example, I can't calculate sin(1.2) using the math module - why is that not allowed?

It wasn't allowed in the earlier version because I wasn't allowing import at all, because this is just an experiment. As it happens, I added 'import' yesterday so yes you can use math.sin.

> It feels at the moment as if I'm playing a game where I don't know the rules, and every time I think I scored a point, the rules are changed to retroactively disallow it.

The challenge is to show some code that will escape from the sandbox, in a way that is not trivially fixable with a tiny patch, or in a way that demonstrates that such a large number of tiny patches would be required as to be unworkable.
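
Added illustration, not code from this thread and not the sandbox under discussion: for the narrow "calculator" case raised above, one alternative to checking an AST and then executing the code is to interpret an allowlisted AST directly, so that no user-supplied code object is ever run. The names `calc` and `Rejected` and the contents of the allowlists are assumptions of this sketch.

```python
import ast
import math
import operator

# Assumed policy: plain arithmetic plus a few math functions.
# ast.Pow is left out on purpose: 9**9**9 is a cheap way to exhaust CPU/memory.
BIN_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
           ast.Mult: operator.mul, ast.Div: operator.truediv}
UNARY_OPS = {ast.UAdd: operator.pos, ast.USub: operator.neg}
FUNCS = {"sin": math.sin, "cos": math.cos, "sqrt": math.sqrt}
NAMES = {"pi": math.pi, "e": math.e}
MAX_LEN = 200  # bounds parser work and the recursion depth of _eval


class Rejected(Exception):
    """The input is not an expression built only from allowlisted nodes."""


def calc(source):
    if len(source) > MAX_LEN:
        raise Rejected("expression too long")
    try:
        tree = ast.parse(source, mode="eval")  # a single expression, no statements
    except (SyntaxError, ValueError) as exc:
        raise Rejected("not a single expression") from exc
    return _eval(tree.body)


def _eval(node):
    # Default deny: every node type not matched below falls through to Rejected,
    # including Attribute, Subscript, Lambda, comprehensions and Starred.
    if isinstance(node, ast.Constant):
        if type(node.value) in (int, float):  # no str, bytes, bool, None
            return node.value
    elif isinstance(node, ast.Name) and node.id in NAMES:
        return NAMES[node.id]
    elif isinstance(node, ast.BinOp) and type(node.op) in BIN_OPS:
        return BIN_OPS[type(node.op)](_eval(node.left), _eval(node.right))
    elif isinstance(node, ast.UnaryOp) and type(node.op) in UNARY_OPS:
        return UNARY_OPS[type(node.op)](_eval(node.operand))
    elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)
          and node.func.id in FUNCS and len(node.args) == 1
          and not node.keywords):
        # Only a bare allowlisted name may be called; math.sin(...) is an
        # Attribute call and is rejected like any other attribute access.
        return FUNCS[node.func.id](_eval(node.args[0]))
    raise Rejected("disallowed node: " + type(node).__name__)
```

Arithmetic errors such as division by zero still propagate as ordinary Python exceptions, so a caller should handle them alongside `Rejected`.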