Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #91512

Re: Creating a reliable sandboxed Python environment

Path csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!1.eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path <rosuav@gmail.com>
X-Original-To python-list@python.org
Delivered-To python-list@mail.python.org
X-Spam-Status OK 0.004
X-Spam-Evidence '*H*': 0.99; '*S*': 0.00; 'python,': 0.02; 'subject:Python': 0.05; 'interpreter.': 0.07; 'reason,': 0.07; 'none.': 0.09; 'security.': 0.09; 'cc:addr:python-list': 0.10; 'thread': 0.10; 'python': 0.11; 'interpreter': 0.15; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'permits': 0.16; 'security?': 0.16; 'wrote:': 0.16; '"you': 0.18; 'cc:2**0': 0.21; 'cc:addr:python.org': 0.21; 'embedding': 0.22; 'am,': 0.23; '2015': 0.23; 'bigger': 0.23; 'sat,': 0.23; 'unlike': 0.23; "haven't": 0.24; 'header:In-Reply-To:1': 0.24; 'paul': 0.24; 'chris': 0.26; 'mostly': 0.27; 'message-id:@mail.gmail.com': 0.28; 'connection': 0.30; 'run': 0.32; 'received:google.com': 0.34; 'something': 0.35; 'but': 0.36; 'being': 0.36; 'there': 0.36; 'totally': 0.36; 'subject:: ': 0.37; 'mean': 0.38; 'provide': 0.61; '30,': 0.63; 'between': 0.65; 'price.': 0.76; 'actions,': 0.84; 'chrisa': 0.84; 'lacks': 0.84; 'to:none': 0.90; '"how': 0.91; 'responses': 0.93; 'safe.': 0.93
DKIM-Signature v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=787ePy2Pgr0yO0T3RlaBe3vFYUxZVqEb3R0AYYuiSl4=; b=anbKwF/rLttGcLqJGuaP/mw1yC02Zx9ofCuObrTmG9TlwWfopE7eeRT7sSPanOwyzZ qL+brUhNug89U50WSTJ7oaMjmoQSh8zpsCxrjaAOfFKKUg3bsYfHozK7DR+W43wd7ffU iz+oXyCmM1TJYaJywW/r+riL6F66JruUZLajtuZBsmI6ZoB6gXv52NOZLuam/hJ6osXt rklUpyIw6GM9zc7G/SeBa7A2lin2KD2/dzqD7aFwuzPR6Gclb2TfXciaDejm1wkdOvLl JNCr4ijCQ5kQiNRfxKG+GJiMwjaa7azMmzZBqkdt8WpsduIg4MVvxMAPCSTGQxeIDFiS suAg==
MIME-Version 1.0
X-Received by 10.107.134.153 with SMTP id q25mr13572307ioi.27.1432953732406; Fri, 29 May 2015 19:42:12 -0700 (PDT)
In-Reply-To <878uc6yhtq.fsf@jester.gateway.sonic.net>
References <60b424a2-2273-42b2-b60c-92656af0afa5@googlegroups.com> <mk7ng1$uq3$1@ger.gmane.org> <CAPTjJmpC40fLdmGvMqCGtt82O5QWzNGyHnSGgiX_mNrz3O_LdA@mail.gmail.com> <mk90bq$dn4$1@ger.gmane.org> <mailman.160.1432885273.5151.python-list@python.org> <87h9qvxmh0.fsf@jester.gateway.sonic.net> <mailman.210.1432939749.5151.python-list@python.org> <878uc6yhtq.fsf@jester.gateway.sonic.net>
Date Sat, 30 May 2015 12:42:12 +1000
Subject Re: Creating a reliable sandboxed Python environment
From Chris Angelico <rosuav@gmail.com>
Cc "python-list@python.org" <python-list@python.org>
Content-Type text/plain; charset=UTF-8
X-BeenThere python-list@python.org
X-Mailman-Version 2.1.20+
Precedence list
List-Id General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe <https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive <http://mail.python.org/pipermail/python-list/>
List-Post <mailto:python-list@python.org>
List-Help <mailto:python-list-request@python.org?subject=help>
List-Subscribe <https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups comp.lang.python
Message-ID <mailman.213.1432953735.5151.python-list@python.org> (permalink)
Lines 22
NNTP-Posting-Host 2001:888:2000:d::a6
X-Trace 1432953735 news.xs4all.nl 2897 [2001:888:2000:d::a6]:36077
X-Complaints-To abuse@xs4all.nl
Xref csiph.com comp.lang.python:91512

Show key headers only | View raw

On Sat, May 30, 2015 at 11:28 AM, Paul Rubin <no.email@nospam.invalid> wrote:
> Chris Angelico <rosuav@gmail.com> writes:
>> Do you see what I mean about functionality being sacrificed for
>> security?
>
> No I don't.  Lua has less functionality because it was designed to have
> a small embedding footprint.  Python is much bigger because it was
> mostly designed to run as a standalone interpreter.  That has nothing to
> do with security.  You haven't shown the slightest connection between
> Lua's lower functionality and its higher sandbox security, because there
> is none.  The lower functionality is because of a totally independent
> reason, namely the desire to make the interpreter smaller.

This thread started out as "How can I sandbox Python inside Python?".
One of the responses was "You can't, but try sandboxing Lua inside
Python instead". This has the cost that Lua, unlike Python, simply
lacks features. You can *easily* sandbox something that has very
little functionality - all you have to do is provide a minimalist
"language" that permits only a very few actions, and you know it's
safe. But that security comes at a price.

ChrisA

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Creating a reliable sandboxed Python environment davidfstr@gmail.com - 2015-05-25 19:24 -0700
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-26 12:44 +1000
  Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-25 23:17 -0700
  Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-05-26 17:10 +1000
    Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-26 09:53 +0200
    Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-26 10:02 +0200
  Re: Creating a reliable sandboxed Python environment Ned Batchelder <ned@nedbatchelder.com> - 2015-05-26 03:21 -0700
  Re: Creating a reliable sandboxed Python environment marco.nawijn@colosso.nl - 2015-05-26 05:01 -0700
  Re: Creating a reliable sandboxed Python environment davidfstr@gmail.com - 2015-05-28 09:34 -0700
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 20:13 -0700
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-28 20:41 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 04:51 +1000
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 11:30 -0700
      Re: Creating a reliable sandboxed Python environment Marko Rauhamaa <marko@pacujo.net> - 2015-05-29 22:12 +0300
        Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 13:15 -0700
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-29 08:18 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 17:41 +1000
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 11:33 -0700
      Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 08:49 +1000
        Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 18:28 -0700
          Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 12:42 +1000
            Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 21:48 -0700
              Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve@pearwood.info> - 2015-05-30 19:00 +1000
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-30 13:24 +0200
                Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve@pearwood.info> - 2015-05-31 09:52 +1000
                Re: Creating a reliable sandboxed Python environment Modulok <modulok@gmail.com> - 2015-05-30 19:08 -0600
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-31 08:14 +0200
                Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-30 20:42 +0200
                Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 13:00 -0700
                Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-31 08:20 +1000
                Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 15:36 -0700
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-30 22:54 +0200
        Re: Creating a reliable sandboxed Python environment BartC <bc@freeuk.com> - 2015-05-30 13:06 +0100
          Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 22:37 +1000
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-29 11:23 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 19:38 +1000
  Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-29 11:56 +0200

csiph-web