From: Chris Angelico
To: python-list@python.org
Newsgroups: comp.lang.python
Subject: Re: Sandboxing Python [was Re: New user's initial thoughts / criticisms of Python]
Date: Sun, 10 Nov 2013 02:32:39 +1100

On Sun, Nov 10, 2013 at 2:25 AM, Steven D'Aprano wrote:
> On Sun, 10 Nov 2013 01:27:11 +1100, Chris Angelico wrote:
>
>> I was trying to sandbox CPython and run untrusted scripts while stopping
>> them from accessing the OS or file system. It's basically impossible
>
> PyPy is supposed to come with a proper sandbox. Although even in that
> case, I think it is recommended to use a chroot jail to lock access down
> to some subset of the file system.

Yeah, which means that even that wouldn't be sufficient for our
purposes (since part of the spec is that there should be fast and
efficient data transfer between the untrusted code and the main
engine, which has full FS access). That's why we switched away from
Python altogether.

Though I think my boss would have benefited from being forced to learn Python.

ChrisA