On Mon, Feb 27, 2023, 8:12 AM Wes Turner <wes.turner@gmail.com> wrote:
On Sun, Feb 26, 2023, 5:42 PM Chris Angelico <rosuav@gmail.com> wrote:
On Mon, 27 Feb 2023 at 08:33, python--- via Python-ideas <python-ideas@python.org> wrote:
Thank you for the insight. I have some more work to do! I will share on
this thread again when I've made further changes.
If you have some time, I would be grateful if you could share a few
test cases such as "bypass it by spinning off a new thread", or.
object.__subclasses__. code is not necessary but just pointers.
The trouble with that is, I don't really want to build and run your Python just for the test, so all I can really do is talk theoretically. But if you can name any module that IS permitted to import code, I can attempt (on a vanilla Python) to trigger it to import something of my choice.
It's worth noting, for instance, that sys.path and its friends can be manipulated to control what would be imported; a trusted module could potentially be tricked into importing anything at all.
Python simply isn't designed for security boundaries.
Trying to just application sandbox Python again? Python is not (and possibly cannot be) made a sufficient sandbox; and neither can other languages solve without breaking changes, too
- https://www.google.com/search?q=python+sandbox+bypass+escape - https://www.google.com/search?q=container+sandbox+escape - https://hn.algolia.com/?q=python+sandbox - [Bypassing a Python sandbox by abusing code objects / Hacker News]( https://news.ycombinator.com/item?id=8280053 )
Things you can do, things you can't:
- setcap a (virtualenv) bin/python
- differentiate between code and data using the NX bit, *when a c extension (with nested functions,) is imported [1][2]. The NX bit doesn't work if you import a C extension.
- Work with the ctypes module: import ctypes ctypes.cast(1, ctypes.py_object)
- strip modules out of stdlib (and patch importlib) before compiling
- "PEP 594 – Removing dead batteries from the standard library" https://peps.python.org/pep-0594/
- there were mailing list and probably also discourse discussions of how to allow customized builds of CPython with modules excluded. I'll keep looking for the link
[1] https://groups.google.com/g/dev-python/c/67Et2KtpzG4
[2] https://en.wikipedia.org/wiki/Nested_function#No-execute_stacks
(E.g. BinderHub and Dask will run [Python, conda-forge,] code in k8s and containers to sandbox / process-isolate it.)
Is it possible to grant a WASM runtime - in a browser application sandbox (with IPC APIs (all running under one user)) - access to syscalls (WASI,) and have provide sufficient security assurances, even?
That is why opcodes have a cost with smart contracts; because of the Halting Problem and arbitrary code execution and no sockets and which other modules? Python does not yet (?) have browser-like sandboxing features.
- https://github.com/utoni/potd/blob/master/src/jail.c#L296 - https://www.google.com/search?q=wasm+sandbox+site%3Agithub.com +python - https://wiki.mozilla.org/Security/Sandbox - https://chromium.googlesource.com/chromium/src/+/HEAD/docs/design/sandbox.md - W3C IPC APIs: [Web Workers, Service Workers, ] - CSP Content Security Policy https://en.wikipedia.org/wiki/Content_Security_Policy#Complementary_measures - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-P... - "PEP 554 – Multiple Interpreters in the Stdlib / peps.python.org" https://peps.python.org/pep-0554/#interpreter-isolation - "PyPy’s sandboxing features — PyPy documentation" https://doc.pypy.org/en/latest/sandbox.html - https://github.com/vstinner/pysandbox - https://foss.heptapod.net/pypy/sandboxlib/-/blob/branch/default/sandboxlib/v...
There have been various efforts and pycon presentations on sandboxing Python with Python; most of them retrospectives just.
- HN search link above lists many sandboxing articles. - ( OT: [container-selinux, OpenShift SELinux MCS contexts and types, Kata containers / gVisor / Firecracker · Issue #6 · kai5263499/awesome-container-security · GitHub]( https://github.com/kai5263499/awesome-container-security/issues/6 ))