Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!1.eu.feeder.erje.net!eternal-september.org!feeder.eternal-september.org!mx02.eternal-september.org!.POSTED!not-for-mail
From: Paul Rubin
Newsgroups: comp.lang.python
Subject: Re: Creating a reliable sandboxed Python environment
Date: Sat, 30 May 2015 15:36:56 -0700
Organization: A noiseless patient Spider
Lines: 14
Message-ID: <87vbf9wv3r.fsf@jester.gateway.sonic.net>
References: <60b424a2-2273-42b2-b60c-92656af0afa5@googlegroups.com> <87h9qvxmh0.fsf@jester.gateway.sonic.net> <878uc6yhtq.fsf@jester.gateway.sonic.net> <874mmuy8ko.fsf@jester.gateway.sonic.net> <55697c1f$0$13013$c3e8da3$5496439d@news.astraweb.com> <87zj4lx2cz.fsf@jester.gateway.sonic.net>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: mx02.eternal-september.org; posting-host="22184b02e80198190244f5a2dd813f11"; logging-data="23685"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+O39/xDmA7+Px4hBsmbAY5"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)
Cancel-Lock: sha1:jPtVDPUejIU73abR6HsyuivQCXA= sha1:VeI/HfjiymCUYHxJDedOv7ufSU8=
Xref: csiph.com comp.lang.python:91547

Chris Angelico writes:
> Turing completeness isn't the whole story. How do you go about
> sandboxing a Brainf* implementation such that it can be used to
> implement Python, but can't be used to read or write arbitrary files from
> your file system?

We're talking about sandboxing, so preventing the sandboxed Python
interpreter written in embedded BF from accessing arbitrary files is
the whole point. If you want to let a sandboxed program access a file,
you create some kind of managed handle outside the interpreter, and pass
that into the interpreter so the interpreted program can make a
constrained set of calls on it. That's how Java applets work, and it's
basically the opposite of Python's "consenting adults" approach, which
is to let everything access everything.
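The "managed handle" design Paul describes, as an added example that is not code from the thread: a minimal Brainf* interpreter whose only I/O primitives (`,` and `.`) are calls on a host-supplied handle object. The interpreter itself never touches the filesystem; the host decides what the handle wraps and enforces read, write and step quotas on it. The `ManagedHandle`, `QuotaExceeded` and `run_bf` names, the quota sizes and the in-memory sample input are all constructed for this illustration.

```python
"""Capability-style I/O for a sandboxed Brainf* interpreter (added example).

The sandboxed program can only call read_byte()/write_byte() on the handle
it was given. What those bytes come from or go to is decided entirely by
the host; here it is an in-memory buffer, constructed for the example.
"""


class QuotaExceeded(Exception):
    """Raised when the sandboxed program exceeds a host-imposed limit."""


class ManagedHandle:
    """Host-side capability: a bounded byte source/sink with no path access."""

    def __init__(self, data: bytes, read_quota: int, write_quota: int):
        self._data = data          # constructed sample input, not a real file
        self._pos = 0
        self._read_left = read_quota
        self._write_left = write_quota
        self._out = bytearray()

    def read_byte(self) -> int:
        if self._read_left <= 0:
            raise QuotaExceeded("read quota exhausted")
        self._read_left -= 1
        if self._pos >= len(self._data):
            return 0               # EOF is reported as 0 (common BF convention)
        b = self._data[self._pos]
        self._pos += 1
        return b

    def write_byte(self, b: int) -> None:
        if self._write_left <= 0:
            raise QuotaExceeded("write quota exhausted")
        self._write_left -= 1
        self._out.append(b & 0xFF)

    def output(self) -> bytes:
        return bytes(self._out)


def _match_brackets(program: str) -> dict:
    """Map each '[' to its matching ']' and vice versa; reject unbalanced code."""
    stack, jumps = [], {}
    for i, c in enumerate(program):
        if c == "[":
            stack.append(i)
        elif c == "]":
            if not stack:
                raise ValueError("unmatched ]")
            j = stack.pop()
            jumps[i], jumps[j] = j, i
    if stack:
        raise ValueError("unmatched [")
    return jumps


def run_bf(program: str, handle: ManagedHandle,
           max_steps: int = 100_000, tape_size: int = 30_000) -> bytes:
    """Interpret a BF program; all I/O goes through `handle`, nothing else."""
    jumps = _match_brackets(program)
    tape = bytearray(tape_size)
    ptr = pc = steps = 0
    while pc < len(program):
        steps += 1
        if steps > max_steps:
            raise QuotaExceeded("step quota exhausted")
        c = program[pc]
        if c == ">":
            ptr += 1
            if ptr >= tape_size:
                raise IndexError("tape overrun")
        elif c == "<":
            ptr -= 1
            if ptr < 0:
                raise IndexError("tape underrun")
        elif c == "+":
            tape[ptr] = (tape[ptr] + 1) & 0xFF
        elif c == "-":
            tape[ptr] = (tape[ptr] - 1) & 0xFF
        elif c == ".":
            handle.write_byte(tape[ptr])   # the only way out of the sandbox
        elif c == ",":
            tape[ptr] = handle.read_byte()  # the only way in
        elif c == "[" and tape[ptr] == 0:
            pc = jumps[pc]
        elif c == "]" and tape[ptr] != 0:
            pc = jumps[pc]
        pc += 1
    return handle.output()


def run_guarded(program: str, handle: ManagedHandle, max_steps: int = 100_000):
    """Host wrapper: ('ok', output) on success, ('denied', reason) on a quota hit."""
    try:
        return ("ok", run_bf(program, handle, max_steps=max_steps))
    except QuotaExceeded as exc:
        return ("denied", str(exc))


if __name__ == "__main__":
    # ",[.,]" copies input to output until EOF; 5 data bytes plus one EOF read.
    print(run_guarded(",[.,]", ManagedHandle(b"hello", read_quota=6, write_quota=5)))
    print(run_guarded(",[.,]", ManagedHandle(b"hello", read_quota=6, write_quota=3)))
    print(run_guarded("+[]", ManagedHandle(b"", 0, 0), max_steps=1_000))
```

The point of the structure is that `run_bf` has no `open()`, no path, and no ambient authority: the program can only do what the host put into the handle, and the host can shrink that (read-only, byte budgets, step budgets) without the sandboxed code being able to tell the difference. Wrapping a real file would mean the host opens it and hands in a handle that still exposes only `read_byte`/`write_byte`.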