On Sun, Feb 26, 2023 at 7:31 AM python--- via Python-ideas <python-ideas@python.org> wrote:
Supply chain attacks are becoming a pressing concern in software development due to the large number of dependencies and multiple attack vectors. Using third-party modules (libraries, packages, etc.) is always a risk but the true potential of these attacks is now being weaponized. One way to deal with the risk is by limiting access to sensitive APIs like filesystem, shell, network and ffi so that packages which aren't explicitly granted permissions cannot use them, reducing their ability to do damage.

I agree with the other commenters that creating a sandbox within a particular Python process is going to be extremely difficult or impossible. But I commend you for trying to do work in this area.

One way this could be implemented is by providing some primitives for sandboxing subprocesses. E.g. in the requirements file add an optional section for sandbox directives that will cause the import to be executed in a subprocess with a restricted set of OS-level permissions (e.g. no writing to the filesystem other than a particular socket for communicating with the parent process).

An incremental and independently useful place to start on that might be adding sandboxing primitives to the subprocess and/or multiprocessing module. I have tried to do this manually on a Linux web service using calls to ImageMagick and didn't see a way to do it aside from calling a `docker run` command. Is there a cross-platform way of doing this? I did a bit of googling and found some "experimental" libraries for the purpose, though nothing that wanted to call itself production-ready (Gaol https://github.com/servo/gaol and BoxFort https://github.com/Snaipe/BoxFort). Presumably web browsers like Chrome have some prior art as well.

Best wishes,
Lucas Wiman
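
As an added illustration of the restricted-subprocess idea discussed above (not code from this thread or from the libraries it names): on POSIX, `subprocess` with `resource.setrlimit` already offers one narrow primitive, because `RLIMIT_FSIZE=0` makes writes to regular files fail while the pipe back to the parent keeps working. The names `run_untrusted`, `_cap`, `_limits` and the `UNTRUSTED` payload are constructed for this example.

```python
import os
import resource
import subprocess
import sys
import tempfile

# Constructed stand-in for untrusted dependency code: it tries to drop a file
# and reports the outcome to the parent over its stdout pipe.
UNTRUSTED = r"""
import errno, os, sys
try:
    fd = os.open(sys.argv[1], os.O_WRONLY | os.O_CREAT, 0o600)
    os.write(fd, b"dropped by dependency")
    print("WROTE")
except OSError as exc:
    print("BLOCKED", errno.errorcode.get(exc.errno))
"""

def _cap(which, value):
    # Lower a limit without ever asking for more than the current hard limit.
    _, hard = resource.getrlimit(which)
    new = value if hard == resource.RLIM_INFINITY else min(value, hard)
    resource.setrlimit(which, (new, new))

def _limits():
    # Runs in the child after fork() and before exec(); the limits survive exec.
    _cap(resource.RLIMIT_FSIZE, 0)  # writes that grow a regular file now fail
    _cap(resource.RLIMIT_CORE, 0)   # no core dumps written to disk
    _cap(resource.RLIMIT_CPU, 5)    # CPU seconds, bounds runaway code

def run_untrusted(path, restricted):
    """Run UNTRUSTED in a child; return (child's report, bytes that reached disk)."""
    proc = subprocess.run(
        [sys.executable, "-I", "-c", UNTRUSTED, path],
        stdin=subprocess.DEVNULL, capture_output=True, text=True, timeout=30,
        preexec_fn=_limits if restricted else None,
    )
    size = os.path.getsize(path) if os.path.exists(path) else 0
    return proc.stdout.strip(), size

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        free = run_untrusted(os.path.join(tmp, "free.txt"), restricted=False)
        boxed = run_untrusted(os.path.join(tmp, "boxed.txt"), restricted=True)
    return free, boxed

if __name__ == "__main__":
    print(demo())
```

This is POSIX-only (the `resource` module and `preexec_fn` are not available on Windows) and is not a full sandbox: the child can still read files, create empty ones, delete files and use the network.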