Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!1.eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed4a.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path: <lac@openend.se>
X-Original-To: python-list@python.org
Delivered-To: python-list@mail.python.org
X-Spam-Status: OK 0.002
X-Spam-Evidence: '*H*': 1.00; '*S*': 0.00; 'subject:Python': 0.05; 'cpython': 0.05; 'pypy': 0.07; 'app,': 0.09; 'received:openend.se': 0.09; 'received:theraft.openend.se': 0.09; 'url:pypy': 0.09; 'cc:addr:python-list': 0.10; 'python.': 0.11; 'cc:addr:lac': 0.16; 'cc:addr:openend.se': 0.16; 'from:addr:lac': 0.16; 'from:addr:openend.se': 0.16; 'from:name:laura creighton': 0.16; 'message-id:@fido.openend.se': 0.16; 'received:89.233': 0.16; 'received:89.233.217': 0.16; 'received:89.233.217.133': 0.16; 'received:fido': 0.16; 'received:fido.openend.se': 0.16; 'laura': 0.18; 'otherwise,': 0.20; 'cc:addr:python.org': 0.21; 'cc:2**1': 0.22; 'do.': 0.22; 'cc:no real name:2**0': 0.23; '2015': 0.23; 'header:In-Reply-To:1': 0.24; 'chris': 0.26; 'received:se': 0.29; 'fri,': 0.31; 'run': 0.32; 'point': 0.33; 'previous': 0.34; 'skip:> 10': 0.35; 'unicode': 0.35; 'something': 0.35; 'but': 0.36; 'url:org': 0.36; 'subject:: ': 0.37; 'charset :us-ascii': 0.37; 'support,': 0.37; 'url:en': 0.39; 'your': 0.60; 'header:Message-Id:1': 0.62; 'stand': 0.64; 'price': 0.68; 'lose': 0.76; 'received:89': 0.80; '+1000,': 0.84; 'url:latest': 0.84; 'url:readthedocs': 0.84; 'url:sandbox': 0.93
To: Chris Angelico <rosuav@gmail.com>
cc: "python-list@python.org" <python-list@python.org>, lac@openend.se
From: Laura Creighton <lac@openend.se>
Subject: Re: Creating a reliable sandboxed Python environment
In-Reply-To: Message from Chris Angelico <rosuav@gmail.com> of "Fri, 29 May 2015 19:38:21 +1000." <CAPTjJmqF_wm7mCVg3i4KWCemyMXWLwVEZXor1m+8wrw8PCjmvg@mail.gmail.com>
References: <60b424a2-2273-42b2-b60c-92656af0afa5@googlegroups.com> <mk7ng1$uq3$1@ger.gmane.org> <CAPTjJmpC40fLdmGvMqCGtt82O5QWzNGyHnSGgiX_mNrz3O_LdA@mail.gmail.com> <mk90bq$dn4$1@ger.gmane.org> <CAPTjJmrYQtT3TbCHL7ss8nq4JTszuDDc07uPdHOUkiAczVu_+w@mail.gmail.com> <mk9b65$rp6$1@ger.gmane.org><CAPTjJmqF_wm7mCVg3i4KWCemyMXWLwVEZXor1m+8wrw8PCjmvg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <16420.1432893377.1@fido>
Date: Fri, 29 May 2015 11:56:17 +0200
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.3.9 (theraft.openend.se [89.233.217.130]); Fri, 29 May 2015 11:56:20 +0200 (CEST)
X-BeenThere: python-list@python.org
X-Mailman-Version: 2.1.20+
Precedence: list
List-Id: General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe: <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive: <http://mail.python.org/pipermail/python-list/>
List-Post: <mailto:python-list@python.org>
List-Help: <mailto:python-list-request@python.org?subject=help>
List-Subscribe: <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups: comp.lang.python
Message-ID: <mailman.167.1432893390.5151.python-list@python.org>
Lines: 15
NNTP-Posting-Host: 2001:888:2000:d::a6
X-Trace: 1432893390 news.xs4all.nl 2952 [2001:888:2000:d::a6]:39403
X-Complaints-To: abuse@xs4all.nl
Xref: csiph.com comp.lang.python:91440

In a message of Fri, 29 May 2015 19:38:21 +1000, Chris Angelico writes:
>The point was to sandbox something inside Python. Otherwise, yes, just
>write it in Python. But if you do have to sandbox like this, you lose
>language-level Unicode support, language-level arbitrary precision
>integers, etcetera, etcetera, etcetera. So I stand by my previous
>statement: The price of security is functionality.
>
>ChrisA

You can run a pypy sandbox from inside your CPython app, if that
is what you want to do.  http://pypy.readthedocs.org/en/latest/sandbox.html

Just FYI.

Laura