Re: Creating a reliable sandboxed Python environment

Path	csiph.com!v102.xanadu-bbs.net!xanadu-bbs.net!eternal-september.org!feeder.eternal-september.org!border1.nntp.ams1.giganews.com!nntp.giganews.com!newsfeed.xs4all.nl!newsfeed3a.news.xs4all.nl!xs4all!post.news.xs4all.nl!not-for-mail
Return-Path	<modulok@gmail.com>
X-Original-To	python-list@python.org
Delivered-To	python-list@mail.python.org
X-Spam-Status	OK 0.001
X-Spam-Evidence	'H': 1.00; 'S': 0.00; 'python,': 0.02; 'heavily': 0.04; 'subject:Python': 0.05; 'motivated': 0.05; 'overflow': 0.07; 'pypy': 0.07; 'creighton': 0.09; 'guarded': 0.09; 'interpreter,': 0.09; 'url:pypy': 0.09; 'cc:addr:python-list': 0.10; 'thread': 0.10; 'python.': 0.11; '>>': 0.16; '"i': 0.16; 'correlation': 0.16; 'exploits': 0.16; 'of"': 0.16; 'rough': 0.16; 'to:addr:pearwood.info': 0.16; "to:name:steven d'aprano": 0.16; 'wrote:': 0.16; "wouldn't": 0.16; 'laura': 0.18; '>': 0.18; 'language': 0.19; '(not': 0.20; 'discussion': 0.20; 'cc:2**0': 0.21; 'cc:addr:python.org': 0.21; "aren't": 0.22; '2015': 0.23; 'wrote': 0.23; 'sat,': 0.23; 'header:In-Reply-To:1': 0.24; 'bugs': 0.27; 'wonder': 0.27; 'message-id:@mail.gmail.com': 0.28; 'host': 0.28; 'equally': 0.29; 'environment': 0.29; 'lines': 0.30; 'that.': 0.30; 'programmers': 0.31; 'maybe': 0.31; 'url:mailman': 0.31; 'code': 0.31; "can't": 0.32; 'possibly': 0.32; 'url:python': 0.33; "d'aprano": 0.33; 'environment,': 0.33; 'lock': 0.33; 'steven': 0.33; 'skip:& 10': 0.34; 'received:google.com': 0.34; 'url:listinfo': 0.35; 'along': 0.35; 'i.e.': 0.35; 'but': 0.36; 'being': 0.36; 'url:org': 0.36; 'there': 0.36; 'subject:: ': 0.37; 'level': 0.37; 'doing': 0.38; 'pm,': 0.39; 'url:en': 0.39; 'data': 0.40; 'where': 0.40; 'some': 0.40; 'secure': 0.61; 'even': 0.61; 'claim': 0.61; 'simple': 0.61; 'more': 0.62; '30,': 0.63; 'different': 0.64; 'due': 0.65; 'between': 0.65; 'theoretical': 0.72; '+1000,': 0.84; 'holes': 0.84; 'hostile': 0.84; 'url:latest': 0.84; 'url:readthedocs': 0.84; 'processes,': 0.93; 'technique': 0.93; 'url:sandbox': 0.93
DKIM-Signature	v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=eHR9Ozz/WuISoGZRywlRzJn0kqpjc0UkknmRawx7sk0=; b=dIvzONch02uhyAFezmN9g7pMcMRxNZeNXx2VKjn/KgQKFk0ji5ur21qQVuGrZKwBC/ Gw60Bt0g91HEtYWrikwGhXIUJzXEC9o56VyMW7erafGRuvo0XGCZKufQI0U8rVOMEhii QJ3OXVsTCxvoaQc3p8YKGvnl7yNDFAT9BssRwnMQqNIjN+LAfAus2Ex5ZoDAl+9Xfz4f EmfSrDkglsK4iPdZClVPpCUffzcRLr3495MynL9Fi+/8s4lL8Fx4We9nQz/7M/DIS9cA MzPrzfu3jaZYa3Ounu5qKMAzCCgekyApahsyEguU91ukZH7NkfFKGHln5WTU9glxJ5+9 /QIQ==
MIME-Version	1.0
X-Received	by 10.112.146.97 with SMTP id tb1mr15156508lbb.12.1433034517986; Sat, 30 May 2015 18:08:37 -0700 (PDT)
In-Reply-To	<556a4d3f$0$12998$c3e8da3$5496439d@news.astraweb.com>
References	<60b424a2-2273-42b2-b60c-92656af0afa5@googlegroups.com> <mk7ng1$uq3$1@ger.gmane.org> <CAPTjJmpC40fLdmGvMqCGtt82O5QWzNGyHnSGgiX_mNrz3O_LdA@mail.gmail.com> <mk90bq$dn4$1@ger.gmane.org> <mailman.160.1432885273.5151.python-list@python.org> <87h9qvxmh0.fsf@jester.gateway.sonic.net> <mailman.210.1432939749.5151.python-list@python.org> <878uc6yhtq.fsf@jester.gateway.sonic.net> <mailman.213.1432953735.5151.python-list@python.org> <874mmuy8ko.fsf@jester.gateway.sonic.net> <55697c1f$0$13013$c3e8da3$5496439d@news.astraweb.com> <mailman.223.1432985122.5151.python-list@python.org> <556a4d3f$0$12998$c3e8da3$5496439d@news.astraweb.com>
Date	Sat, 30 May 2015 19:08:37 -0600
Subject	Re: Creating a reliable sandboxed Python environment
From	Modulok <modulok@gmail.com>
To	"Steven D'Aprano" <steve@pearwood.info>
Cc	Python mailing list <python-list@python.org>
Content-Type	multipart/alternative; boundary=047d7b3a85a06544f905175659eb
X-BeenThere	python-list@python.org
X-Mailman-Version	2.1.20+
Precedence	list
List-Id	General discussion list for the Python programming language <python-list.python.org>
List-Unsubscribe	<https://mail.python.org/mailman/options/python-list>, <mailto:python-list-request@python.org?subject=unsubscribe>
List-Archive	<http://mail.python.org/pipermail/python-list/>
List-Post	<mailto:python-list@python.org>
List-Help	<mailto:python-list-request@python.org?subject=help>
List-Subscribe	<https://mail.python.org/mailman/listinfo/python-list>, <mailto:python-list-request@python.org?subject=subscribe>
Newsgroups	comp.lang.python
Message-ID	<mailman.235.1433034526.5151.python-list@python.org> (permalink)
Lines	133
NNTP-Posting-Host	2001:888:2000:d::a6
X-Trace	1433034526 news.xs4all.nl 2969 [2001:888:2000:d::a6]:51220
X-Complaints-To	abuse@xs4all.nl
Xref	csiph.com comp.lang.python:91555

Show key headers only | View raw

[Multipart message — attachments visible in raw view] - view raw

While this thread is indeed a theoretical discussion of the interpreter,
for a practical solution where you control the host environment, one might
look into OS level sandboxing like FreeBSD's Jails (not to be confused with
a simple chroot environment) along with various resource limiting
parameters. You can lock down a 'sandboxed' i.e. jailed environment for
arbitrary data and processes, including python, pretty tightly.

-Kurt-

On Sat, May 30, 2015 at 5:52 PM, Steven D'Aprano <steve@pearwood.info>
wrote:

> On Sat, 30 May 2015 09:24 pm, Laura Creighton wrote:
>
> > In a message of Sat, 30 May 2015 19:00:14 +1000, "Steven D'Aprano"
> writes:
> >>I wouldn't have imagined that the claim "it's easier to secure a small
> >>language with a few features than a big language with lots of features"
> >>would have been so controversial. I wonder if this claim will be equally
> >>as controversial?
> >>
> >>There is a rough correlation between the number of lines of code in a
> code
> >>base, and the number of potential security holes that need to be guarded
> >>against.
> >
> > Maybe these aren't controversial if you are doing langauge level
> > sandboxing, but you don't have to sandbox like that.  Consider, for a
> > moment, the sandboxing technique used by PyPy
> > discussed at
> >
> > http://pypy.readthedocs.org/en/latest/sandbox.html
> >
> > You think it is way cool, but, alas, you want to sandbox some other
> > language than Python.
>
> How many PyPy sandboxes are being used with hostile users motivated to
> break
> out of the sandbox?
>
> "I wrote a sandbox which I can't break out of" is different from "I wrote a
> sandbox which nobody can break out of". Javascript is sandboxed, but due to
> bugs in implementations, Javascript-based exploits are now heavily used by
> malware. There are possibly even more Javascript-based exploits than buffer
> overflow based exploits these days, as C programmers get better at using
> automated tools that check for buffer overflows.
>
>
>
> --
> Steven
>
> --
> https://mail.python.org/mailman/listinfo/python-list
>

Thread

Creating a reliable sandboxed Python environment davidfstr@gmail.com - 2015-05-25 19:24 -0700
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-26 12:44 +1000
  Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-25 23:17 -0700
  Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-05-26 17:10 +1000
    Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-26 09:53 +0200
    Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-26 10:02 +0200
  Re: Creating a reliable sandboxed Python environment Ned Batchelder <ned@nedbatchelder.com> - 2015-05-26 03:21 -0700
  Re: Creating a reliable sandboxed Python environment marco.nawijn@colosso.nl - 2015-05-26 05:01 -0700
  Re: Creating a reliable sandboxed Python environment davidfstr@gmail.com - 2015-05-28 09:34 -0700
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 20:13 -0700
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-28 20:41 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 04:51 +1000
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 11:30 -0700
      Re: Creating a reliable sandboxed Python environment Marko Rauhamaa <marko@pacujo.net> - 2015-05-29 22:12 +0300
        Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 13:15 -0700
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-29 08:18 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 17:41 +1000
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 11:33 -0700
      Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 08:49 +1000
        Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 18:28 -0700
          Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 12:42 +1000
            Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 21:48 -0700
              Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve@pearwood.info> - 2015-05-30 19:00 +1000
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-30 13:24 +0200
                Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve@pearwood.info> - 2015-05-31 09:52 +1000
                Re: Creating a reliable sandboxed Python environment Modulok <modulok@gmail.com> - 2015-05-30 19:08 -0600
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-31 08:14 +0200
                Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-30 20:42 +0200
                Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 13:00 -0700
                Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-31 08:20 +1000
                Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 15:36 -0700
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-30 22:54 +0200
        Re: Creating a reliable sandboxed Python environment BartC <bc@freeuk.com> - 2015-05-30 13:06 +0100
          Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 22:37 +1000
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-29 11:23 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 19:38 +1000
  Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-29 11:56 +0200

csiph-web