I heard that PyPy sandbox cannot be used out of the box. You have to write a policy to allow syscalls. The complexity is moved to this policy which is very hard to write, especially if you only use whitelists.

Correct me if I'm wrong. To be honest, I never take a look at this sandbox.


Le mercredi 13 août 2014, Steven D'Aprano <steve@pearwood.info> a écrit :
On Thu, Aug 14, 2014 at 02:26:29AM +1000, Chris Angelico wrote:
> On Wed, Aug 13, 2014 at 11:11 PM, Isaac Morland <ijmorlan@uwaterloo.ca> wrote:
> > While I would not claim a Python sandbox is utterly impossible, I'm
> > suspicious that the whole "consenting adults" approach in Python is
> > incompatible with a sandbox.  The whole idea of a sandbox is to absolutely
> > prevent people from doing things even if they really want to and know what
> > they are doing.

The point of a sandbox is that I, the consenting adult writing the
application in the first place, may want to allow *untrusted others* to
call Python code without giving them control of the entire application.
The consenting adults rule applies to me, the application writer, not
them, the end-users, even if they happen to be writing Python code. If
they want unrestricted access to the Python interpreter, they can run
their code on their own machine, not mine.

> It's certainly not *fundamentally* impossible to sandbox Python.
> However, the question becomes one of how much effort you're going to
> go to and how much you're going to restrict the code.

I believe that PyPy has an effective sandbox, but to what degree of
effectiveness I don't know.


I've had rogue Javascript crash my browser or make my entire computer
effectively unusable often enough that I am skeptical about claims that
Javascript in the browser is effectively sandboxed, so I'm doubly
cautious about Python.

Python-Dev mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-dev/victor.stinner%40gmail.com