[pypy-dev] Sandboxing in Pypy and Crunchy

Andre Roberge andre.roberge at gmail.com
Sun Dec 9 18:22:10 CET 2007


Hello everyone,

Please forget the intrusion but I did not know where else to ask this question.

Through my involvement with Google's Highly Open Participation
contest, I have learned about the sandboxing capabilities of pypy and,
I believe although I can't find it anymore, the ability to limit the
time allowed to a given process.  Even if this last one is wrong, the
sandboxing capability is something I would be extremely interested in
using.

The application I have in mind is Crunchy.  In a nutshell: Crunchy
takes an arbitrary html page (with embedded Python code inside <pre>
tags) and transforms it so that the user can execute, in a variety of
ways, the Python code displayed in a browser (Firefox) window.  It is
a different way to interact with code than the ones given as examples
on http://play1.codespeak.net/.

Crunchy's user code (executed from the browser window) is not
sandboxed.  I was wondering how difficult it would be to have it
sandboxed.

Here are a few more specific questions:

1 a. Is it possible to create a "sandboxed python interpreter" that
can be included as a module distributed with a cPython based program
(Crunchy) without having pypy included in the distribution?
1 b. If so, does that module has to be (pre-)compiled for a given
target machine?

2. Is it possible to limit the time for a given process (as mentioned above)?

Thank you in advance for anyone that can give me some information
regarding the above.  If you feel this discussion is not appropriate
for this list, please do not hesitate to tell me so and perhaps answer
the questions "off-list".   And, if the answers are simply: read  this
URL, and try this example, it would be appreciated as well.

Cheers,

André

P.S. Crunchy's code is ... the work of two Python hobbyists ... and is
probably not worth looking at - I can probably clarify any specific
point needed to find out how it works, if  needed to answer the
questions I raised, better by email than having anyone read its code.



More information about the Pypy-dev mailing list