[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.python

Re: Challenge: escape from the pysandbox

Daniel Fetchinson

2/27/2010 5:37:00 PM

On 2/26/10, Victor Stinner <victor.stinner@haypocalc.com> wrote:
> Le vendredi 26 février 2010 15:37:43, Daniel Fetchinson a écrit :
>> >> pysandbox is a new Python sandbox project
>>
>> Out of curiosity, the python sandbox behind google app engine is open
>> source? If so, how is it different from your project, if not, anyone
>> knows
>> if it will be in the future?
>
> I don't know this project. Do you have the URL of the project home page? Is
> it
> the "safelite.py" project?

It's google's hosting solution called app engine, for python web
applications: http://code.google.com/appengine/docs/python/getti...

I guess they also have some kind of a sandbox if they let people run
python on their machines, I'm not sure if it's open source though.

Cheers,
Daniel




--
Psss, psss, put it down! - http://www.cafepress.com...
4 Answers

aahz

2/28/2010 5:56:00 PM

0

In article <mailman.330.1267292249.4577.python-list@python.org>,
Daniel Fetchinson <fetchinson@googlemail.com> wrote:
>
>I guess they also have some kind of a sandbox if they let people run
>python on their machines, I'm not sure if it's open source though.

Thing is, I'm sure that Google uses a critical backstop to any
Python-based sandbox: something like a chroot jail. The Python sandbox
is mostly there to inform you about what you can and can't do; the real
security is provided by the OS.
--
Aahz (aahz@pythoncraft.com) <*> http://www.python...

"Many customs in this life persist because they ease friction and promote
productivity as a result of universal agreement, and whether they are
precisely the optimal choices is much less important." --Henry Spencer

Daniel Fetchinson

2/28/2010 10:41:00 PM

0

>>I guess they also have some kind of a sandbox if they let people run
>>python on their machines, I'm not sure if it's open source though.
>
> Thing is, I'm sure that Google uses a critical backstop to any
> Python-based sandbox: something like a chroot jail. The Python sandbox
> is mostly there to inform you about what you can and can't do; the real
> security is provided by the OS.

I see, makes perfect sense. This then raises the question whether it's
important to have a 100% fool proof python sandbox without help from
the OS, or this goal is not only too ambitious but also not really a
useful one. One aspect might be that one might want to have a platform
independent way of sandboxing, perhaps.

Cheers,
Daniel


--
Psss, psss, put it down! - http://www.cafepress.com...

Victor Stinner

3/3/2010 2:38:00 AM

0

John Doe

3/5/2010 12:05:00 AM

0

On Wed, 03 Mar 2010 03:37:44 +0100, Victor Stinner wrote:

>> I see, makes perfect sense. This then raises the question whether it's
>> important to have a 100% fool proof python sandbox without help from
>> the OS, or this goal is not only too ambitious but also not really a
>> useful one.
>
> This is just impossible :-) PHP tried that but it's too hard to write an
> exhaustive blacklist because too much code have to be modified. If you
> require a 100% fool proof sandbox, you have to use a sandbox between the
> Python process and the OS (and not inside the Python process).

It's entirely feasible to implement a perfect sandbox at the language
level. But you have to design this in from the beginning. If you try to
retro-fit it, you end up either failing or with an entirely different
language.

A black-list approach won't work; you have to deny by default then
white-list "safe" functionality.