[pypy-svn] r63388 - pypy/extradoc/talk/pycon2009/pypy-sandbox
hpk at codespeak.net
Fri Mar 27 15:07:49 CET 2009
Author: hpk
Date: Fri Mar 27 15:07:46 2009
New Revision: 63388
Modified:
pypy/extradoc/talk/pycon2009/pypy-sandbox/sandbox.txt
Log:
updates, an XXX.
Modified: pypy/extradoc/talk/pycon2009/pypy-sandbox/sandbox.txt
==============================================================================
--- pypy/extradoc/talk/pycon2009/pypy-sandbox/sandbox.txt (original)
+++ pypy/extradoc/talk/pycon2009/pypy-sandbox/sandbox.txt Fri Mar 27 15:07:46 2009
@@ -5,12 +5,11 @@
This talk contents
==================
-* How to run sandboxed Python using
- PyPy
+* Problems with current sandboxing approaches
-* A couple of demos
+* PyPy sandboxing and virtualization
-* How to define security policies
+* A couple of demos
* Status, future, Q&A
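Review bot: the rewritten agenda drops the "How to define security policies" bullet even though the deck further down still carries the "Custom file access policies" and "Custom APIs" slides, so the contents slide no longer announces a part of the talk; either keep a policy bullet (e.g. fold it into "+* PyPy sandboxing and virtualization" as "sandboxing, virtualization and policies") or move those slides under the demos section so the agenda matches the slide order.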
@@ -55,82 +54,107 @@
* "Noone cracked it so far" approach is not
"security by design"
-Our approach
-==============
+"fixing all places manually"
+=================================
+
+sidenote: enter the "browser hack" challenge a week ago:
+
+* **fully security-updated** IE8, Firefox, Safari access an URL
+
+* hacker answers the URL access
+
+* within a day above browsers were hacked
+
+**something is wrong with an approach
+that despite so much attention and effort
+is so easy to break**
+
+PyPy's sandboxing
+==================
-* Modify all calls to platform (C) into something
- harmless. XXX what?
+automatically transform all C-lib/os calls
+in our low-level graph representation
+of the interpreter.
-* Do that in a systematic manner, not touching the interpreter
- source
+PyPy virtualized Interpreter
+====================================
-* Small code base to be trusted
+.. image:: img/sandbox1.png
+ :scale: 100
+ :align: left
-* Changes to interpreter doesn't break anything
+Places to security-review
+=============================
-But there is more...
+* algos for transforming the graphs
+* interaction code controler<->sandbox
+* controler process code
+
+Robustness and freedom!
+==========================
+
+Changes to the interpreter don't break sandbox!
+
+Additional goodies
====================
* Memory limit (GC support)
* CPU time limit
-* XXX ...
-
Drawbacks
==========
* Each sandbox is in a separate process
-* Sandbox doesn't have a direct access to any
- APIs
+* Sandbox doesn't have direct access to any APIs
-How to use it?
-===============
+How to use it today?
+=======================
* translate pypy with --sandbox (takes a while)
* run using pypy_interact.py
-* implement your own custom policy
-
* demo
Embedding in your web app
=========================
-* http://codespeak.net/svn/user/getxsick/django-sandbox/
+http://codespeak.net/svn/user/getxsick/django-sandbox/
Custom file access policies
============================
-* write your own python code to control it
+code your own policy in plain python
Custom APIs
============
+XXX why "Custom APIs" in the title? find this slide confusing
+
* provide an API that marshals/pickles data to
an outer layer
-* outer layer that accesses actual platform
+* controling process accesses actual platform
What next?
==========
-* Definitely write more docs, advertise it a bit
- more
+* come up with nice methods of integrating with
+ App code, try PyPy's transparent proxies?
-* Blog
+* Improve docs, spawn separate project
-* Special web page
-
-* besides that, it's ready to use
+* get funding for teaching and helping
+ companies to make full use of it.
Q&A
===
-* http://merlinux.eu
+Maciej Fijalkowski, Holger Krekel at
+
+http://merlinux.eu
-* http://pypy.org
+Project webpage: http://pypy.org
-* We really need a special web page....
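Review bot: the open question added to the "Custom APIs" slide (`+XXX why "Custom APIs" in the title? find this slide confusing`) sits in the slide body rather than in a reST comment (`.. XXX ...`), so it will render in the built deck; keep it as a comment until it is resolved. Same hunk, smaller points: "controler" in `+* interaction code controler<->sandbox` and `+* controler process code`, and "controling" in `+* controling process accesses actual platform`, should read "controller"/"controlling", and `+* **fully security-updated** IE8, Firefox, Safari access an URL` should read "a URL". The "browser hack" sidenote asserts that fully patched browsers were broken within a day but names no contest, date or source; since the slide uses it to argue that "fixing all places manually" fails, add the reference or soften the wording so the claim is checkable.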