Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #91555

Re: Creating a reliable sandboxed Python environment

References (8 earlier) <mailman.213.1432953735.5151.python-list@python.org> <874mmuy8ko.fsf@jester.gateway.sonic.net> <55697c1f$0$13013$c3e8da3$5496439d@news.astraweb.com> <mailman.223.1432985122.5151.python-list@python.org> <556a4d3f$0$12998$c3e8da3$5496439d@news.astraweb.com>
Date 2015-05-30 19:08 -0600
Subject Re: Creating a reliable sandboxed Python environment
From Modulok <modulok@gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.235.1433034526.5151.python-list@python.org> (permalink)

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

While this thread is indeed a theoretical discussion of the interpreter,
for a practical solution where you control the host environment, one might
look into OS level sandboxing like FreeBSD's Jails (not to be confused with
a simple chroot environment) along with various resource limiting
parameters. You can lock down a 'sandboxed' i.e. jailed environment for
arbitrary data and processes, including python, pretty tightly.

-Kurt-

On Sat, May 30, 2015 at 5:52 PM, Steven D'Aprano <steve@pearwood.info>
wrote:

> On Sat, 30 May 2015 09:24 pm, Laura Creighton wrote:
>
> > In a message of Sat, 30 May 2015 19:00:14 +1000, "Steven D'Aprano"
> writes:
> >>I wouldn't have imagined that the claim "it's easier to secure a small
> >>language with a few features than a big language with lots of features"
> >>would have been so controversial. I wonder if this claim will be equally
> >>as controversial?
> >>
> >>There is a rough correlation between the number of lines of code in a
> code
> >>base, and the number of potential security holes that need to be guarded
> >>against.
> >
> > Maybe these aren't controversial if you are doing langauge level
> > sandboxing, but you don't have to sandbox like that.  Consider, for a
> > moment, the sandboxing technique used by PyPy
> > discussed at
> >
> > http://pypy.readthedocs.org/en/latest/sandbox.html
> >
> > You think it is way cool, but, alas, you want to sandbox some other
> > language than Python.
>
> How many PyPy sandboxes are being used with hostile users motivated to
> break
> out of the sandbox?
>
> "I wrote a sandbox which I can't break out of" is different from "I wrote a
> sandbox which nobody can break out of". Javascript is sandboxed, but due to
> bugs in implementations, Javascript-based exploits are now heavily used by
> malware. There are possibly even more Javascript-based exploits than buffer
> overflow based exploits these days, as C programmers get better at using
> automated tools that check for buffer overflows.
>
>
>
> --
> Steven
>
> --
> https://mail.python.org/mailman/listinfo/python-list
>

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Creating a reliable sandboxed Python environment davidfstr@gmail.com - 2015-05-25 19:24 -0700
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-26 12:44 +1000
  Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-25 23:17 -0700
  Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2015-05-26 17:10 +1000
    Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-26 09:53 +0200
    Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-26 10:02 +0200
  Re: Creating a reliable sandboxed Python environment Ned Batchelder <ned@nedbatchelder.com> - 2015-05-26 03:21 -0700
  Re: Creating a reliable sandboxed Python environment marco.nawijn@colosso.nl - 2015-05-26 05:01 -0700
  Re: Creating a reliable sandboxed Python environment davidfstr@gmail.com - 2015-05-28 09:34 -0700
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 20:13 -0700
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-28 20:41 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 04:51 +1000
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 11:30 -0700
      Re: Creating a reliable sandboxed Python environment Marko Rauhamaa <marko@pacujo.net> - 2015-05-29 22:12 +0300
        Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 13:15 -0700
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-29 08:18 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 17:41 +1000
    Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 11:33 -0700
      Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 08:49 +1000
        Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 18:28 -0700
          Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 12:42 +1000
            Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-29 21:48 -0700
              Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve@pearwood.info> - 2015-05-30 19:00 +1000
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-30 13:24 +0200
                Re: Creating a reliable sandboxed Python environment Steven D'Aprano <steve@pearwood.info> - 2015-05-31 09:52 +1000
                Re: Creating a reliable sandboxed Python environment Modulok <modulok@gmail.com> - 2015-05-30 19:08 -0600
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-31 08:14 +0200
                Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-30 20:42 +0200
                Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 13:00 -0700
                Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-31 08:20 +1000
                Re: Creating a reliable sandboxed Python environment Paul Rubin <no.email@nospam.invalid> - 2015-05-30 15:36 -0700
                Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-30 22:54 +0200
        Re: Creating a reliable sandboxed Python environment BartC <bc@freeuk.com> - 2015-05-30 13:06 +0100
          Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-30 22:37 +1000
  Re: Creating a reliable sandboxed Python environment Stefan Behnel <stefan_ml@behnel.de> - 2015-05-29 11:23 +0200
  Re: Creating a reliable sandboxed Python environment Chris Angelico <rosuav@gmail.com> - 2015-05-29 19:38 +1000
  Re: Creating a reliable sandboxed Python environment Laura Creighton <lac@openend.se> - 2015-05-29 11:56 +0200

csiph-web