Hi All, I have study PyPy's sandbox for some time.But as my limited ability,I can't understand the detail about the PyPy's sandbox. And I want to discuss something with you: 1.Cuted Modules What are the reasons to cut some standard modules? (I mean the modules which in 'working_modules' but not in 'default_modules'.'working_modules' and 'default_modules' are defined in /pypy/config/pypyoption.py) when generate C code,you use "excute" function's graph to replace the original function's graph,implement the function's replace. I am confused why not use this method in these cuted modules like "_socket".Is there any secrity problem? you have used this method in os/posix module. I could understand the reason about "thread" module,because of stdin/stdout.But other modules,I can't understand. If all dangerous function are replced to send request to controller process,Is there still any secrity problem? 2.sandbox_transform/sandbox_stub This two functions are defined in /pypy/translator/c/node.py, what's the difference between them? just because the function "Not Implemented"? In addition,I found you have sandbox_transform() about 100+ functions in sandboxed interpreter,most of them are start with 'll_os',But in controller process,the sandlib.py only implemented about 20+ fucntions.why left others? 3.which fuction need sandbox_transform()/replace function's graph attribute? This problem I have not got a clue.Through the source code,I think it is related with 'llexternal' function, 'register_external' function,functon object's graph attribute…… but I don't know the details about the judgement. Can you explain it? Furthermore,Besides the webpage:"http://doc.pypy.org/en/latest/sandbox.html" ,do you have any more documents about the PyPy's sandbox? The content in that webpage is really a little less. Maybe there are more documents/infomation in the site:"http://morepypy.blogspot.com" ,But as the GFW in China,I can't access this site.
Hi, On Tue, Apr 23, 2013 at 1:48 PM, zcx <zcx3354488@126.com> wrote:
I have study PyPy's sandbox for some time.But as my limited ability,I can't understand the detail about the PyPy's sandbox.
Sorry, PyPy's sandbox is not officially supported for now. We'd welcome someone who was interested in really developing it and maintaining it.
What are the reasons to cut some standard modules?
The reason is a question of level. Most standard modules would not translate. This is because the sandboxing occurs at a certain level, namely extdef() as seen for example in rpython.rtyper.module.ll_os; but most standard modules don't use this, and instead directly call C functions with llexternal(). It may be possible to change the level and apply sandboxing at the level of llexternal functions.
sandbox_stub() is used in various cases, including the case I described above of llexternal functions, and in some cases that are present only for historical reasons and should be changed. Over the long history of PyPy we used to experiment with a number of different ways to call C functions from RPython, before we eventually settled for llexternal().
No reason. All other functions are just not written in sandlib.py because nobody needed them so far. It's all experimental and was never seriously completed. A bientôt, Armin.
Hi, On Tue, Apr 23, 2013 at 1:48 PM, zcx <zcx3354488@126.com> wrote:
I have study PyPy's sandbox for some time.But as my limited ability,I can't understand the detail about the PyPy's sandbox.
Sorry, PyPy's sandbox is not officially supported for now. We'd welcome someone who was interested in really developing it and maintaining it.
What are the reasons to cut some standard modules?
The reason is a question of level. Most standard modules would not translate. This is because the sandboxing occurs at a certain level, namely extdef() as seen for example in rpython.rtyper.module.ll_os; but most standard modules don't use this, and instead directly call C functions with llexternal(). It may be possible to change the level and apply sandboxing at the level of llexternal functions.
sandbox_stub() is used in various cases, including the case I described above of llexternal functions, and in some cases that are present only for historical reasons and should be changed. Over the long history of PyPy we used to experiment with a number of different ways to call C functions from RPython, before we eventually settled for llexternal().
No reason. All other functions are just not written in sandlib.py because nobody needed them so far. It's all experimental and was never seriously completed. A bientôt, Armin.
participants (2)
-
Armin Rigo -
zcx