<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Nov 13, 2013 at 1:05 PM, Eli Bendersky <span dir="ltr"><<a href="mailto:eliben@gmail.com" target="_blank">eliben@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On Wed, Nov 13, 2013 at 6:58 AM, Brett Cannon <span dir="ltr"><<a href="mailto:brett@python.org" target="_blank">brett@python.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote"><div>On Wed, Nov 13, 2013 at 6:30 AM, Facundo Batista <span dir="ltr"><<a href="mailto:facundobatista@gmail.com" target="_blank">facundobatista@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On Wed, Nov 13, 2013 at 4:37 AM, Maciej Fijalkowski <<a href="mailto:fijall@gmail.com" target="_blank">fijall@gmail.com</a>> wrote:<br>
<br>
>> Do you think it would be productive to create an independent Python<br>
>> compiler, designed with sandboxing in mind from the beginning?<br>
><br>
> PyPy sandbox does work FYI<br>
><br>
> It might not do exactly what you want, but it both provides a full<br>
> python and security.<br>
<br>
</div>If we have sandboxing using PyPy... what also we need to put Python<br>
running in the browser? (like javascript, you know)<br>
<br>
Thanks!<br></blockquote><div><br></div></div><div>You can try to get PNaCl to work with Python to get a Python executable that at least Chrome can run. <br></div></div></div></div></blockquote><div><br></div></div></div>
<div>Two corrections:<br>
<br></div><div>1. CPython already works with NaCl and PNaCl (there are working patches in naclports to build it)<br></div></div></div></div></blockquote><div><br></div><div>Anything that should be upstreamed?</div><div> </div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div></div><div>2. It can be used outside Chrome as well, using the standalone "sel_ldr" tool that will then allow to run a sandboxed CPython .nexe from the command line<br>
</div></div></div></div></blockquote><div><br></div><div>Sure, but I was just thinking about the "in browser" question Facundo asked about.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>
<br></div><div>Note that this is a fundamentally different sandboxing model (the whole interpreter is run in a sandbox), but it's also more secure. PNaCl has shipped publicly yesterday, so Chrome runs native code *from the web* on your machine - a lot of security research and work went into making this possible.<br>
<br>As for performance, the sandboxing overhead of NaCl is very low (< 10% in most cases).</div></div></div></div></blockquote><div><br></div><div>I feel like we need to have a page at <a href="http://python.org">python.org</a> (or somewhere) that provides every which way to run Python from the browser for people to try the interpreter out as easily as possible. </div>
</div></div></div>