Re: Sandboxing Python [was Re: New user's initial thoughts / criticisms of Python]

Path	csiph.com!usenet.pasdenom.info!gegeweb.org!usenet-fr.net!feeder1-2.proxad.net!proxad.net!feeder2-2.proxad.net!npeer.de.kpn-eurorings.net!npeer-ng0.de.kpn-eurorings.net!news.tele.dk!news.tele.dk!small.news.tele.dk!newsgate.cistron.nl!newsgate.news.xs4all.nl!post.news.xs4all.nl!not-for-mail
Return-Path	<rosuav@gmail.com>
X-Original-To	python-list@python.org
Delivered-To	python-list@mail.python.org
X-Spam-Status	OK 0.000
X-Spam-Evidence	'H': 1.00; 'S': 0.00; 'python.': 0.02; 'scripts': 0.03; 'cpython': 0.05; 'sufficient': 0.05; 'subject:Python': 0.06; 'pypy': 0.07; 'spec': 0.09; 'subject: [': 0.09; 'subset': 0.09; 'yeah,': 0.09; 'python': 0.11; "wouldn't": 0.14; 'access).': 0.16; 'from:addr:rosuav': 0.16; 'from:name:chris angelico': 0.16; 'jail': 0.16; 'subject:user': 0.16; 'wrote:': 0.18; 'trying': 0.19; 'basically': 0.19; 'stopping': 0.24; 'switched': 0.24; 'purposes': 0.26; 'header:In-Reply-To:1': 0.27; 'chris': 0.29; 'am,': 0.29; 'message-id:@mail.gmail.com': 0.30; 'code': 0.31; '(since': 0.31; "d'aprano": 0.31; 'steven': 0.31; 'file': 0.32; 'supposed': 0.32; 'run': 0.32; 'case,': 0.35; 'received:google.com': 0.35; 'there': 0.35; 'accessing': 0.36; 'should': 0.36; 'subject:New': 0.37; 'being': 0.38; 'nov': 0.38; 'subject:]': 0.38; 'to:addr:python-list': 0.38; 'to:addr:python.org': 0.39; 'system.': 0.39; 'even': 0.60; 'full': 0.61; 'our': 0.64; 'between': 0.67; 'transfer': 0.82; 'forced': 0.84; '2013': 0.98
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=3VNwztHegdlqtdgnDbjaWRUQxVkFIQzd45q/zFd8xO4=; b=NYbumkQCjxrLPRrq0nefruQQz4fXAUre/YOy+ABASTJXmp4icxG+iyazF+d+3edqgS atLRgm24uaau+wfwaQ/CxiHvF2PAdxXrFOlUIrnh7eEi0IgKP3/VlPwo6zCVQ713zXSZ ZDfzqtnuvuF/9gGpUHZ+mN03BIeDBSDVfaBzZCTLZg+AJeaobURR/tBvthAOAVeBkRMp H6Tl65xO6FraHeo5DYHYecx1UMSH8412KRZKiOG/6aKzHgLl5d0gS8lK2lu8CckHjW5O M8oIytQs5b+F8ozEr+dGX+XQnoJEcyF0n5oOBbrCC7Kiaa1EyBgPJJ3g3Np+hMMylELe BvXg==
MIME-Version	1.0
X-Received	by 10.68.196.227 with SMTP id ip3mr1525913pbc.163.1384011159926; Sat, 09 Nov 2013 07:32:39 -0800 (PST)
In-Reply-To	<527e53fd$0$29972$c3e8da3$5496439d@news.astraweb.com>
References	<-JadnUirYuhUruPPnZ2dnUVZ8rSdnZ2d@bt.com> <mailman.2297.1384007240.18130.python-list@python.org> <527e53fd$0$29972$c3e8da3$5496439d@news.astraweb.com>
Date	Sun, 10 Nov 2013 02:32:39 +1100
Subject	Re: Sandboxing Python [was Re: New user's initial thoughts / criticisms of Python]
From	Chris Angelico <rosuav@gmail.com>
To	python-list@python.org
Content-Type	text/plain; charset=ISO-8859-1
X-BeenThere	python-list@python.org
X-Mailman-Version	2.1.15
Precedence	list
List-Id	General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe	<https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive	<http://mail.python.org/pipermail/python-list/>
List-Post	<mailto:python-list@python.org>
List-Help	<mailto:python-list-request@python.org?subject=help>
List-Subscribe	<https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups	comp.lang.python
Message-ID	<mailman.2302.1384011169.18130.python-list@python.org> (permalink)
Lines	19
NNTP-Posting-Host	2001:888:2000:d::a6
X-Trace	1384011169 news.xs4all.nl 15994 [2001:888:2000:d::a6]:41213
X-Complaints-To	abuse@xs4all.nl
Xref	csiph.com comp.lang.python:58951

Show key headers only | View raw

On Sun, Nov 10, 2013 at 2:25 AM, Steven D'Aprano
<steve+comp.lang.python@pearwood.info> wrote:
> On Sun, 10 Nov 2013 01:27:11 +1100, Chris Angelico wrote:
>
>> I was trying to sandbox CPython and run untrusted scripts while stopping
>> them from accessing the OS or file system. It's basically impossible
>
> PyPy is supposed to come with a proper sandbox. Although even in that
> case, I think it is recommended to use a chroot jail to lock access down
> to some subset of the file system.

Yeah, which means that even that wouldn't be sufficient for our
purposes (since part of the spec is that there should be fast and
efficient data transfer between the untrusted code and the main
engine, which has full FS access). That's why we switched away from
Python altogether. Though I think my boss would have benefited from
being forced to learn Python.

ChrisA

Thread

New user's initial thoughts / criticisms of Python John von Horn <j.h69@btinternet.com> - 2013-11-09 07:08 -0600
  Re: New user's initial thoughts / criticisms of Python Ned Batchelder <ned@nedbatchelder.com> - 2013-11-09 05:22 -0800
  Re: New user's initial thoughts / criticisms of Python Joshua Landau <joshua@landau.ws> - 2013-11-09 13:27 +0000
    Re: New user's initial thoughts / criticisms of Python Jonathan <jtcegh@gmail.com> - 2013-11-09 14:44 -0800
      Re: New user's initial thoughts / criticisms of Python Chris Angelico <rosuav@gmail.com> - 2013-11-10 10:29 +1100
      Re: New user's initial thoughts / criticisms of Python MRAB <python@mrabarnett.plus.com> - 2013-11-10 00:50 +0000
      Re: New user's initial thoughts / criticisms of Python Chris Angelico <rosuav@gmail.com> - 2013-11-10 11:54 +1100
      Re: New user's initial thoughts / criticisms of Python Neil Cerutti <neilc@norwich.edu> - 2013-11-11 15:30 +0000
    Re: New user's initial thoughts / criticisms of Python Thomas Rachel <nutznetz-0c1b6768-bfa9-48d5-a470-7603bd3aa915@spamschutz.glglgl.de> - 2013-11-10 13:24 +0100
  Re: New user's initial thoughts / criticisms of Python Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-11-09 13:41 +0000
  Re: New user's initial thoughts / criticisms of Python Jussi Piitulainen <jpiitula@ling.helsinki.fi> - 2013-11-09 16:24 +0200
  Re: New user's initial thoughts / criticisms of Python Chris Angelico <rosuav@gmail.com> - 2013-11-10 01:27 +1100
    Sandboxing Python [was Re: New user's initial thoughts / criticisms of Python] Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-11-09 15:25 +0000
      Re: Sandboxing Python [was Re: New user's initial thoughts / criticisms of Python] Chris Angelico <rosuav@gmail.com> - 2013-11-10 02:32 +1100
    Re: New user's initial thoughts / criticisms of Python Jorgen Grahn <grahn+nntp@snipabacken.se> - 2013-11-10 08:47 +0000
      Re: New user's initial thoughts / criticisms of Python Chris Angelico <rosuav@gmail.com> - 2013-11-10 20:22 +1100
      Re: New user's initial thoughts / criticisms of Python Ian Kelly <ian.g.kelly@gmail.com> - 2013-11-10 04:39 -0700
      Re: New user's initial thoughts / criticisms of Python Chris Angelico <rosuav@gmail.com> - 2013-11-10 22:43 +1100
      Re: New user's initial thoughts / criticisms of Python Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-11-10 12:12 -0500
      Re: New user's initial thoughts / criticisms of Python Chris Angelico <rosuav@gmail.com> - 2013-11-11 10:29 +1100
      Re: New user's initial thoughts / criticisms of Python Terry Reedy <tjreedy@udel.edu> - 2013-11-10 19:13 -0500
  Re: New user's initial thoughts / criticisms of Python rusi <rustompmody@gmail.com> - 2013-11-09 07:38 -0800
    Re: New user's initial thoughts / criticisms of Python Roy Smith <roy@panix.com> - 2013-11-09 10:56 -0500
      Re: New user's initial thoughts / criticisms of Python rusi <rustompmody@gmail.com> - 2013-11-09 08:30 -0800
        Re: New user's initial thoughts / criticisms of Python Rick Johnson <rantingrickjohnson@gmail.com> - 2013-11-10 21:36 -0800
          Re: New user's initial thoughts / criticisms of Python Roy Smith <roy@panix.com> - 2013-11-11 09:01 -0500
            Re: New user's initial thoughts / criticisms of Python rusi <rustompmody@gmail.com> - 2013-11-11 07:14 -0800
            Re: New user's initial thoughts / criticisms of Python Dennis Lee Bieber <wlfraed@ix.netcom.com> - 2013-11-11 21:05 -0500
            Re: New user's initial thoughts / criticisms of Python Ethan Furman <ethan@stoneleaf.us> - 2013-11-12 14:38 -0800
  Re: New user's initial thoughts / criticisms of Python John von Horn <j.h69@btinternet.com> - 2013-11-09 14:19 -0600
  Re: New user's initial thoughts / criticisms of Python Tim Chase <python.list@tim.thechases.com> - 2013-11-09 14:39 -0600
  Re: New user's initial thoughts / criticisms of Python Mark Janssen <dreamingforward@gmail.com> - 2013-11-09 12:33 -0800
    Re: New user's initial thoughts / criticisms of Python Ned Batchelder <ned@nedbatchelder.com> - 2013-11-09 12:54 -0800
      Re: New user's initial thoughts / criticisms of Python Mark Janssen <dreamingforward@gmail.com> - 2013-11-09 13:21 -0800
  Re: New user's initial thoughts / criticisms of Python Mark Lawrence <breamoreboy@yahoo.co.uk> - 2013-11-09 21:01 +0000
  Re: New user's initial thoughts / criticisms of Python Tim Chase <python.list@tim.thechases.com> - 2013-11-09 15:20 -0600
  Re: New user's initial thoughts / criticisms of Python lorenzo.gatti@gmail.com - 2013-11-11 02:09 -0800
    Re: New user's initial thoughts / criticisms of Python Chris Angelico <rosuav@gmail.com> - 2013-11-11 21:39 +1100
      Re: New user's initial thoughts / criticisms of Python Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2013-11-11 11:17 +0000
        Re: New user's initial thoughts / criticisms of Python Chris Angelico <rosuav@gmail.com> - 2013-11-11 22:32 +1100
        Re: New user's initial thoughts / criticisms of Python Mark Janssen <dreamingforward@gmail.com> - 2013-11-11 14:29 -0800
    Re: New user's initial thoughts / criticisms of Python Robert Kern <robert.kern@gmail.com> - 2013-11-11 11:53 +0000
    Re: New user's initial thoughts / criticisms of Python Chris Angelico <rosuav@gmail.com> - 2013-11-11 23:07 +1100
    Re: New user's initial thoughts / criticisms of Python Joshua Landau <joshua@landau.ws> - 2013-11-11 20:50 +0000
    Re: New user's initial thoughts / criticisms of Python Chris Angelico <rosuav@gmail.com> - 2013-11-12 09:21 +1100
    Re: New user's initial thoughts / criticisms of Python Joshua Landau <joshua@landau.ws> - 2013-11-12 01:53 +0000

csiph-web