Thanks, (to all of you) This clarifies things quite a bit. Something to look at in 2008, after the Crunchy 1.0 release. André On 12/10/07, Carl Friedrich Bolz <cfbolz@gmx.de> wrote:
Hi André,
I'm trying to clear up some confusion:
Andre Roberge wrote: [snip]
On Dec 9, 2007 6:04 PM, Laura Creighton <lac@openend.se> wrote:
the student's code run? On the student's machine? or on the teacher's server machine?
Right now Crunchy is primarily used in a single user environment. It would be possible to host it on a server, but it would be very insecure to do so. Ideally it should be hosted in a secure way on a server in most situations.
The ability to sandbox is a property of the architecture of pypy. It's not a module that you could port to Cpython. The person you want to sandbox has to be running pypy.
Darn :( I was hoping I could somehow just call a sandboxed interpreter module ....
The sandboxed PyPy Python interpreter needs to be controlled by an external Python interpreter to provide the virtual environment for the sandbox. This external interpreter can be a completely normal CPython. ASCII diagram:
+-----------------------------------------+ | controlling Python interpreter (CPython)| +-----------------------------------------+ | ^ | all communication | v | +----------------------------------+ | sandboxed PyPy Python interpreter| +----------------------------------+
the two boxes are different processes. With a bit of effort, the view of the controlling Python on the sandboxed interpreter can be that of a simple module that provides a sandboxed way to execute Python code. There is also no reason why the outer process cannot control more than one sandboxed interpreter. Therefore the answer to your question might be yes. Deployment-wise it doesn't behave much like an extension module though: You have a bit of pure-Python code for the upper interpreter plus a binary with a full Python interpreter.
Then again, it means that I'll have to try pypy myself, and play with it - something I meant to do ... but did not for lack of time. It also makes it more of a burden on potential users if they have to install pypy in addition to Crunchy.
Yes, probably. However, you just need this solution only if you want the Python code to run on a server, not if the Python code runs on the users machine.
Cheers,
Carl Friedrich