[Python-Dev] Challenge: Please break this! (a.k.a restricted mode revisited)

Greg Ewing greg.ewing at canterbury.ac.nz
Mon Apr 11 21:08:36 EDT 2016


Jon Ribbens wrote:

> So far it looks like blocking "*" and the frame object attributes appears to be sufficient.

Even if your sandbox as it currently exists is secure, it's only an extremely restricted subset. You seem to be assuming that if your technique works so far, then it can be extended to cover a larger subset, but I don't think that's certain.

One problem that's been raised is how to prevent untrusted code from monkeypatching imported modules. Possibly that could be addressed by giving the untrusted code a copy of the module, but I'm not entirely sure -- accidentally importing two copies of the same source file is a well-known source of bugs, after all.

A related, but more difficult problem is that if we allow the untrusted code to import any pure-Python classes, it will be able to monkeypatch them. So it seems like it will need its own copy of those classes as well -- and having two copies of the same class around is another well known source of bugs.

-- Greg
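An added example, not part of this thread and not code from Jon Ribbens' sandbox, illustrating the two problems Greg raises: untrusted code patching a module it shares with trusted code, and the trade-off when you hand it a copy instead. The "bank" module source, the `bank` name it is bound to, and the `run_untrusted` stand-in for the sandbox's own exec are all constructed here for illustration; the module-level mutable dict goes slightly beyond the message to show a third way a shallow copy leaks.

```python
import types

# Constructed stand-in for a pure-Python module the sandbox might expose.
TRUSTED_SOURCE = '''
LIMITS = {"max_withdrawal": 100}

class Account:
    def __init__(self, owner, balance):
        self.owner = owner
        self.balance = balance

    def can_withdraw(self, amount):
        return amount <= self.balance and amount <= LIMITS["max_withdrawal"]

def authorize(account, amount):
    return account.can_withdraw(amount)
'''


def build_module(name="bankmod"):
    """Execute the constructed source into a brand-new module object."""
    mod = types.ModuleType(name)
    exec(TRUSTED_SOURCE, mod.__dict__)
    return mod


def shallow_copy_module(mod):
    """'Give the untrusted code a copy': new module object, same attribute values."""
    clone = types.ModuleType(mod.__name__)
    clone.__dict__.update(mod.__dict__)
    return clone


def run_untrusted(ns, payload):
    """Hypothetical sandbox: run untrusted source with the module bound as `bank`."""
    exec(payload, {"bank": ns})


def shared_module_attack():
    """Untrusted code rebinds bank.authorize; trusted code uses the same module."""
    mod = build_module()
    run_untrusted(mod, "bank.authorize = lambda acct, amt: True")
    acct = mod.Account("alice", 10)
    return mod.authorize(acct, 1_000_000)  # True: the trusted check is bypassed


def shallow_copy_defends_rebinding():
    """Rebinding a module-level name in the clone does not reach the original."""
    mod = build_module()
    clone = shallow_copy_module(mod)
    run_untrusted(clone, "bank.authorize = lambda acct, amt: True")
    acct = mod.Account("alice", 10)
    return mod.authorize(acct, 1_000_000)  # False: original module untouched


def shallow_copy_class_attack():
    """The class object itself is shared, so patching a method leaks through."""
    mod = build_module()
    clone = shallow_copy_module(mod)
    run_untrusted(clone, "bank.Account.can_withdraw = lambda self, amt: True")
    acct = mod.Account("alice", 10)
    return mod.authorize(acct, 1_000_000)  # True: patched via the copy


def shallow_copy_state_attack():
    """Shared mutable module state is equally reachable through the copy."""
    mod = build_module()
    clone = shallow_copy_module(mod)
    run_untrusted(clone, "bank.LIMITS['max_withdrawal'] = 10 ** 9")
    return mod.LIMITS["max_withdrawal"]  # 1000000000: original dict mutated


def separate_copy_isolates_class():
    """Re-executing the source gives the sandbox its own class objects..."""
    mod = build_module()
    private = build_module()
    run_untrusted(private, "bank.Account.can_withdraw = lambda self, amt: True")
    acct = mod.Account("alice", 10)
    return mod.authorize(acct, 1_000_000)  # False: trusted class untouched


def separate_copy_identity_bug():
    """...at the price of two Account classes that do not recognise each other."""
    mod = build_module()
    private = build_module()
    acct = private.Account("bob", 5)
    # An object from the sandbox's copy fails isinstance checks against the
    # trusted copy, and the two classes are distinct objects: the classic
    # "two copies of the same class" bug Greg mentions.
    return isinstance(acct, mod.Account), private.Account is mod.Account
```

The point to take from the four middle functions is that a shallow module copy only protects against rebinding names in the module's own namespace; every object reachable from it (classes, dicts, lists, nested modules) is still shared. A genuinely private copy requires re-executing the source, and the last function shows what that costs: objects crossing the boundary no longer satisfy `isinstance` on the trusted side.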


