On Fri, Jul 15, 2011 at 7:09 PM, VanL <van.lindberg@gmail.com> wrote:
> I have a couple of questions about the sandboxing feature:
>
> - Currently this is a two-process model, but early on the assertion was made that this could be done in a single process, perhaps but not necessarily separated by two OS-level threads. Is this (still?) true? What would you need to invoke to create such a pypy?
By design, a single-process thing is slightly less secure. If you, say, find a way to corrupt random memory, you can modify the other process; it's still only very slightly, though. The sandboxing approach should work quite nicely; the hard part would be to get multiple interpreters running in a single process. It's quite a bit of work, but I would not expect it to be overly hard to do. It requires quite a bit of PyPy knowledge, though.
> - How granular can the control on imported/run functions be? Can you have a full interpreter that does everything, or an interpreter that allows socket access and that is it?
It's very granular. Besides memory and CPU limits, you also control every single call that would normally be a C call, like read, write or stat, and you can implement arbitrary custom behavior for those functions.
> Thanks,
> Van
_______________________________________________ pypy-dev mailing list pypy-dev@python.org http://mail.python.org/mailman/listinfo/pypy-dev
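The two-process design described in the replies above, as an added, self-contained example that is not PyPy's sandbox code (PyPy's real controller lives in its `sandlib` module and speaks a different wire protocol). The trusted controller below spawns an untrusted child, which cannot touch the OS directly: every operation that would normally be a C call (read, write, stat, socket, unlink) is sent to the controller as a JSON request and answered there. The controller implements `read`/`write`/`stat` against a constructed, read-only virtual filesystem, refuses everything else with EPERM, caps the child's CPU time with an rlimit on POSIX, and records what was written and what was refused so the policy's effect can be inspected. The child program, the JSON line protocol, the virtual filesystem contents and the call budget are all assumptions made for the example.

```python
import json
import os
import subprocess
import sys

# Constructed "untrusted" program. It has no direct OS access in this model:
# each external operation is a JSON request on stdout, answered on stdin.
CHILD_SOURCE = r'''
import json, sys
def call(name, *args):
    sys.stdout.write(json.dumps({"call": name, "args": list(args)}) + "\n")
    sys.stdout.flush()
    reply = json.loads(sys.stdin.readline())
    if "error" in reply:
        raise OSError(reply["error"])
    return reply["result"]
data = call("read", "/etc/motd")
call("write", 1, "read %d bytes\n" % len(data))
for name, args in (("socket", ["example.com", 80]), ("unlink", ["/etc/motd"])):
    try:
        call(name, *args)
    except OSError as e:
        call("write", 1, "%s refused: %s\n" % (name, e))
call("exit", 0)
'''


def _child_limits():
    # POSIX only: have the kernel kill the child after 2 CPU seconds.
    # A memory cap (RLIMIT_AS) would be set the same way.
    try:
        import resource
        resource.setrlimit(resource.RLIMIT_CPU, (2, 2))
    except (ImportError, ValueError, OSError):
        pass


class SandboxController:
    """Trusted side of the two-process model: every 'external' call the
    untrusted child asks for is decided, and performed, in this process."""

    def __init__(self, virtual_fs, max_calls=1000):
        self.virtual_fs = virtual_fs      # constructed read-only view: path -> str
        self.max_calls = max_calls        # assumed cap on requests per child run
        self.captured = []                # data the child wrote to fd 1
        self.denied = []                  # call names refused by policy, in order
        # The allow-list. Any call not listed here is refused with EPERM.
        self.handlers = {"read": self.do_read, "write": self.do_write,
                         "stat": self.do_stat}

    def do_read(self, path):
        if path not in self.virtual_fs:
            raise OSError("ENOENT")
        return self.virtual_fs[path]

    def do_write(self, fd, data):
        if fd != 1:                       # only stdout is wired through
            raise OSError("EBADF")
        self.captured.append(data)
        return len(data)

    def do_stat(self, path):
        if path not in self.virtual_fs:
            raise OSError("ENOENT")
        return {"size": len(self.virtual_fs[path]), "mode": 0o100444}

    def dispatch(self, name, args):
        handler = self.handlers.get(name)
        if handler is None:
            self.denied.append(name)
            raise OSError("EPERM: %s is not allowed in this sandbox" % name)
        return handler(*args)

    def run(self, child_source, timeout=10):
        """Spawn the child and serve its requests until it asks to exit.
        Returns the child's exit status."""
        proc = subprocess.Popen(
            [sys.executable, "-c", child_source],
            stdin=subprocess.PIPE, stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL, text=True,
            preexec_fn=_child_limits if os.name == "posix" else None)
        calls = 0
        try:
            while True:
                line = proc.stdout.readline()
                if not line:              # child died or closed its pipe
                    break
                calls += 1
                if calls > self.max_calls:
                    raise RuntimeError("call budget exhausted")
                req = json.loads(line)
                name, args = req["call"], req["args"]
                if name == "exit":
                    self._reply(proc, {"result": None})
                    break
                try:
                    reply = {"result": self.dispatch(name, args)}
                except OSError as exc:
                    reply = {"error": str(exc)}
                self._reply(proc, reply)
            return proc.wait(timeout=timeout)
        finally:
            if proc.poll() is None:       # never leave an untrusted child behind
                proc.kill()
                proc.wait()
            proc.stdin.close()
            proc.stdout.close()

    @staticmethod
    def _reply(proc, reply):
        proc.stdin.write(json.dumps(reply) + "\n")
        proc.stdin.flush()


def demo():
    # Constructed virtual filesystem: the only "file" the child can see.
    ctl = SandboxController({"/etc/motd": "hello sandbox\n"})
    status = ctl.run(CHILD_SOURCE)
    return status, ctl.captured, ctl.denied


if __name__ == "__main__":
    status, captured, denied = demo()
    print("exit status:", status)
    print("child wrote:", captured)
    print("refused calls:", denied)
```

The point of keeping the policy in a separate process is the one the reply makes about single-process designs: here a memory-corruption bug in the child can only corrupt the child's own address space, and the allow-list, the virtual filesystem and the call budget in `SandboxController` stay out of its reach. Granting socket access and nothing else, as the second question asks, is a matter of changing the `handlers` table.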