I hope you are at least aware that over the years various multi-year attempts to create Python sandboxes ultimately failed to the point of being altogether abandoned. Python and Javascript differ fundamentally that Python runtime is intrinsically bound to I/O, like filesystem access - which is a thing that is isolated and "plugged-in by the environment" in Javascript. Besides that, the object model allows one to - sometimes not so easily, but always consistently - bypass any write-restrictions to variables and other memory states that would be used to restrict any access. Ultimately any sandboxing in Python has to be accomplished at OS level (like running everything in a container), at which point there is no granularity to restrict individual Python packages or modules anyway. On Sun, Feb 26, 2023 at 12:32 PM python--- via Python-ideas < python-ideas@python.org> wrote:
Hello all,
Supply chain attacks are becoming a pressing concern in software development due to the large number of dependencies and multiple attack vectors. Using third party modules (libraries, packages etc) is always a risk but the true potential of these attacks is now being weaponized. One way to deal with the risk is by limiting access to sensitive APIs like filesystem, shell, network and ffi so that packages which aren't explicitly granted permissions cannot use them, reducing their ability to do damage.
For example, a yaml parser should not need to use ffi, network nor shell. A command line argument parser library should not use network, ffi nor filesystem. Deno, a runtime for Typescript contains an interesting implementation of a permissions model for APIs.
I strongly think Python could benefit from such functionality and hacked together a quick experiment here: https://github.com/R9295/cpython Currently, it only prevents module imports in a very elementary manner but perhaps it can be of use to spark a discussion for an implementation.
Looking forward to your thoughts, Aarnav _______________________________________________ Python-ideas mailing list -- python-ideas@python.org To unsubscribe send an email to python-ideas-leave@python.org https://mail.python.org/mailman3/lists/python-ideas.python.org/ Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/MZNP5Z... Code of Conduct: http://python.org/psf/codeofconduct/