Path: csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!feeder.erje.net!1.eu.feeder.erje.net!newsfeed.xs4all.nl!newsfeed4.news.xs4all.nl!xs4all!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail Return-Path: X-Original-To: python-list@python.org Delivered-To: python-list@mail.python.org X-Spam-Status: OK 0.004 X-Spam-Evidence: '*H*': 0.99; '*S*': 0.00; 'python,': 0.02; 'subject:Python': 0.05; 'interpreter.': 0.07; 'reason,': 0.07; 'none.': 0.09; 'security.': 0.09; 'cc:addr:python-list': 0.10; 'thread': 0.10; 'python': 0.11; 'interpreter': 0.15; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'permits': 0.16; 'security?': 0.16; 'wrote:': 0.16; '"you': 0.18; 'cc:2**0': 0.21; 'cc:addr:python.org': 0.21; 'embedding': 0.22; 'am,': 0.23; '2015': 0.23; 'bigger': 0.23; 'sat,': 0.23; 'unlike': 0.23; "haven't": 0.24; 'header:In-Reply-To:1': 0.24; 'paul': 0.24; 'chris': 0.26; 'mostly': 0.27; 'message-id:@mail.gmail.com': 0.28; 'connection': 0.30; 'run': 0.32; 'received:google.com': 0.34; 'something': 0.35; 'but': 0.36; 'being': 0.36; 'there': 0.36; 'totally': 0.36; 'subject:: ': 0.37; 'mean': 0.38; 'provide': 0.61; '30,': 0.63; 'between': 0.65; 'price.': 0.76; 'actions,': 0.84; 'chrisa': 0.84; 'lacks': 0.84; 'to:none': 0.90; '"how': 0.91; 'responses': 0.93; 'safe.': 0.93 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:cc :content-type; bh=787ePy2Pgr0yO0T3RlaBe3vFYUxZVqEb3R0AYYuiSl4=; b=anbKwF/rLttGcLqJGuaP/mw1yC02Zx9ofCuObrTmG9TlwWfopE7eeRT7sSPanOwyzZ qL+brUhNug89U50WSTJ7oaMjmoQSh8zpsCxrjaAOfFKKUg3bsYfHozK7DR+W43wd7ffU iz+oXyCmM1TJYaJywW/r+riL6F66JruUZLajtuZBsmI6ZoB6gXv52NOZLuam/hJ6osXt rklUpyIw6GM9zc7G/SeBa7A2lin2KD2/dzqD7aFwuzPR6Gclb2TfXciaDejm1wkdOvLl JNCr4ijCQ5kQiNRfxKG+GJiMwjaa7azMmzZBqkdt8WpsduIg4MVvxMAPCSTGQxeIDFiS suAg== MIME-Version: 1.0 X-Received: by 10.107.134.153 with SMTP id q25mr13572307ioi.27.1432953732406; Fri, 29 May 2015 19:42:12 -0700 (PDT) In-Reply-To: <878uc6yhtq.fsf@jester.gateway.sonic.net> References: <60b424a2-2273-42b2-b60c-92656af0afa5@googlegroups.com> <87h9qvxmh0.fsf@jester.gateway.sonic.net> <878uc6yhtq.fsf@jester.gateway.sonic.net> Date: Sat, 30 May 2015 12:42:12 +1000 Subject: Re: Creating a reliable sandboxed Python environment From: Chris Angelico Cc: "python-list@python.org" Content-Type: text/plain; charset=UTF-8 X-BeenThere: python-list@python.org X-Mailman-Version: 2.1.20+ Precedence: list List-Id: General discussion list for the Python programming language List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Newsgroups: comp.lang.python Message-ID: Lines: 22 NNTP-Posting-Host: 2001:888:2000:d::a6 X-Trace: 1432953735 news.xs4all.nl 2897 [2001:888:2000:d::a6]:36077 X-Complaints-To: abuse@xs4all.nl Xref: csiph.com comp.lang.python:91512 On Sat, May 30, 2015 at 11:28 AM, Paul Rubin wrote: > Chris Angelico writes: >> Do you see what I mean about functionality being sacrificed for >> security? > > No I don't. Lua has less functionality because it was designed to have > a small embedding footprint. Python is much bigger because it was > mostly designed to run as a standalone interpreter. That has nothing to > do with security. You haven't shown the slightest connection between > Lua's lower functionality and its higher sandbox security, because there > is none. The lower functionality is because of a totally independent > reason, namely the desire to make the interpreter smaller. This thread started out as "How can I sandbox Python inside Python?". One of the responses was "You can't, but try sandboxing Lua inside Python instead". This has the cost that Lua, unlike Python, simply lacks features. You can *easily* sandbox something that has very little functionality - all you have to do is provide a minimalist "language" that permits only a very few actions, and you know it's safe. But that security comes at a price. ChrisA