Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #91547

Re: Creating a reliable sandboxed Python environment

Path csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!1.eu.feeder.erje.net!eternal-september.org!feeder.eternal-september.org!mx02.eternal-september.org!.POSTED!not-for-mail
From Paul Rubin <no.email@nospam.invalid>
Newsgroups comp.lang.python
Subject Re: Creating a reliable sandboxed Python environment
Date Sat, 30 May 2015 15:36:56 -0700
Organization A noiseless patient Spider
Lines 14
Message-ID <87vbf9wv3r.fsf@jester.gateway.sonic.net> (permalink)
References <60b424a2-2273-42b2-b60c-92656af0afa5@googlegroups.com> <mk7ng1$uq3$1@ger.gmane.org> <CAPTjJmpC40fLdmGvMqCGtt82O5QWzNGyHnSGgiX_mNrz3O_LdA@mail.gmail.com> <mk90bq$dn4$1@ger.gmane.org> <mailman.160.1432885273.5151.python-list@python.org> <87h9qvxmh0.fsf@jester.gateway.sonic.net> <mailman.210.1432939749.5151.python-list@python.org> <878uc6yhtq.fsf@jester.gateway.sonic.net> <mailman.213.1432953735.5151.python-list@python.org> <874mmuy8ko.fsf@jester.gateway.sonic.net> <55697c1f$0$13013$c3e8da3$5496439d@news.astraweb.com> <87zj4lx2cz.fsf@jester.gateway.sonic.net> <mailman.233.1433024454.5151.python-list@python.org>
Mime-Version 1.0
Content-Type text/plain
Injection-Info mx02.eternal-september.org; posting-host="22184b02e80198190244f5a2dd813f11"; logging-data="23685"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+O39/xDmA7+Px4hBsmbAY5"
User-Agent Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
Cancel-Lock sha1:jPtVDPUejIU73abR6HsyuivQCXA= sha1:VeI/HfjiymCUYHxJDedOv7ufSU8=
Xref csiph.com comp.lang.python:91547

Show key headers only | View raw

Chris Angelico <rosuav@gmail.com> writes:
> Turing completeness isn't the whole story. How do you go about
> sandboxing a Brainf* implementation such that it can be used to
> implement Python, but can't be used to read or arbitrary files from
> your file system?

We're talking about sandboxing, so preventing the sandboxed Python
interpreter written in embedded BF from accessing arbitrary files is the
whole point.  If you want to let a sandboxed program access a file, you
create some kind of managed handle outside the interpreter, and pass
that into the interpreter so the interpreted program can make a
constrained set of calls on it.  That's how Java applets work and it's
basically the opposite of Python's "consenting adults" approach which is
to let everything access everything.

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Creating a reliable sandboxed Python environment davidfstr@gmail.com - 2015-05-25 19:24 -0700
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-26 12:44 +1000
  Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-25 23:17 -0700
  Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-05-26 17:10 +1000
    Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-26 09:53 +0200
    Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-26 10:02 +0200
  Re: Creating a reliable sandboxed Python environment Ned Batchelder <ned@nedbatchelder.com> - 2015-05-26 03:21 -0700
  Re: Creating a reliable sandboxed Python environment marco.nawijn@colosso.nl - 2015-05-26 05:01 -0700
  Re: Creating a reliable sandboxed Python environment davidfstr@gmail.com - 2015-05-28 09:34 -0700
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 20:13 -0700
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-28 20:41 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 04:51 +1000
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 11:30 -0700
      Re: Creating a reliable sandboxed Python environment Marko Rauhamaa <marko@pacujo.net> - 2015-05-29 22:12 +0300
        Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 13:15 -0700
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-29 08:18 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 17:41 +1000
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 11:33 -0700
      Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 08:49 +1000
        Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 18:28 -0700
          Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 12:42 +1000
            Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 21:48 -0700
              Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve@pearwood.info> - 2015-05-30 19:00 +1000
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-30 13:24 +0200
                Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve@pearwood.info> - 2015-05-31 09:52 +1000
                Re: Creating a reliable sandboxed Python environment Modulok <modulok@gmail.com> - 2015-05-30 19:08 -0600
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-31 08:14 +0200
                Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-30 20:42 +0200
                Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 13:00 -0700
                Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-31 08:20 +1000
                Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 15:36 -0700
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-30 22:54 +0200
        Re: Creating a reliable sandboxed Python environment BartC <bc@freeuk.com> - 2015-05-30 13:06 +0100
          Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 22:37 +1000
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-29 11:23 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 19:38 +1000
  Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-29 11:56 +0200

csiph-web