[pypy-dev] New - untrusted code
holger at merlinux.eu
Wed Nov 11 18:17:06 CET 2009
On Wed, Nov 11, 2009 at 11:06 -0500, Victor Williamson wrote:
> Hello Pypy dev,
> I am researching ways to allow applications to safely import untrusted
> code in Python without having to run the malicious code in its own
> process; Pypy may be a good prototyping environment. I want to
> verify if any work either as an extension or as interpreter changes has
> been done to handle untrusted imports in Pypy.
cool. Have you read http://codespeak.net/pypy/dist/pypy/doc/sandbox.html ?
I don't know about projects using PyPy's sandboxing currently.
The raw functionality is very powerful but work on deployment
and usage is due.
During the ongoing Duesseldorf sprint we discussed about a new
model to use transparent proxying techniques (http://tinyurl.com/mrq9nc )
to perform imports through a "interpreter backend" subprocess, e.g.
CPython, Jython, IPy. In this mode a Sandboxed PyPy could
run native applications and represent remote python objects
transparently. As a starting point we discussed running
QT applications from PyPy in this manner.
I am interested to work on related topics. In particular i plan
to work on http://codespeak.net/execnet in the upcoming weeks in
order to make ad-hoc configuration and deployment of Python
interpreters a breeze (also for cross-interpreter testing).
Always interested in peers :)
More information about the Pypy-dev