[pypy-dev] Sandboxing in Pypy and Crunchy

Andre Roberge andre.roberge at gmail.com
Sun Dec 9 23:56:17 CET 2007

Hi Laura,

I should have known that you'd be one of the first to reply. ;-)

On Dec 9, 2007 6:04 PM, Laura Creighton <lac at openend.se> wrote:
> In a message of Sun, 09 Dec 2007 13:22:10 -0400, "Andre Roberge" writes:

> You may want to start by reading this.
> http://codespeak.net/pypy/dist/pypy/doc/sandbox.html

I had read that, but it was not clear to me.

> Cpython is the python you know and use, the one that is written in C.
> pypy-c is a pypy interpreter, which could be interpreting python, but
> could also be interpreting prolog, or javascript, or squeak -- and
> which produces as its output c code that you can run.  Just so you
> don't confuse them as you are reading.

Ok, I had more or less understood that.

> >
> >Here are a few more specific questions:
> >
> >1 a. Is it possible to create a "sandboxed python interpreter" that
> >can be included as a module distributed with a cPython based program
> >(Crunchy) without having pypy included in the distribution?
> >1 b. If so, does that module have to be (pre-)compiled for a given
> >target machine?
> >
> >2. Is it possible to limit the time for a given process (as mentioned
> >above)?
> >

> This list is the appropriate place for this discussion.  But so is
> #pypy on irc.freenode.net.  There you can hold real conversations,
> so it's often faster to figure things out by talking to us there.

Sorry, I'm too old for the irc stuff ;-)

> Can you post the details of the architecture of crunchy?

Hmm, I'm not sure I can do that very well...   the best I can do I
think is to describe what it does.

1. Crunchy retrieves an html page.
2. It processes it, removing pre-existing javascript and various
undesired html tags
3. It identifies where it needs to add custom elements (new html tags
& javascript code)
4. It feeds the page to the browser, leaving a line of communication
open, waiting for user instruction.

At step 3. above, a new thread is started for each place in the page
where an interaction with a Python interpreter is required.
Following user interaction (click of a button or entering some code in
an html input box), the user code is fed back to the appropriate
interpreter (thread) and the result is sent back to the browser.  If I
recall correctly, the interpreter used is a small variation from
code.py included in the Python standard library.    It is this part (I
believe) that needs to be sandboxed - a single module.

>  Where does
> the student's code run?  On the student's machine? or on the teacher's
> server machine?

Right now Crunchy is primarily used in a single user environment.  It
would be possible to host it on a server, but it would be very
insecure to do so.  Ideally it should be hosted in a secure way on a
server in most situations.

> The ability to sandbox is a property of the architecture of pypy.
> It's not a module that you could port to Cpython.  The person you
> want to sandbox has to be running pypy.

Darn :(    I was hoping I could somehow just call a sandboxed
interpreter module ....    Then again, it means that I'll have to try
pypy myself, and play with it - something I meant to do ... but did
not for lack of time. It also makes it more of a burden on potential
users  if they have to install pypy in addition to Crunchy.

Thanks for your clarifications,

> Laura

PS.  Yes, Laura, it is cold and there is snow (unusual at this time of
the year) in your beloved Nova Scotia ;-)
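
Added example (not from the original message, Crunchy, or PyPy): one way to get the time limit asked about in question 2 is to run each piece of student code in a child CPython process rather than a thread, because a process can be killed from outside. `run_limited` and its parameters are hypothetical names and POSIX is assumed; this limits time only and is not a sandbox, since the child keeps normal file and network access.

```python
# Added example: time limits only. Not PyPy's sandbox; the child process
# can still read files and open sockets like any other Python program.
import resource
import signal
import subprocess
import sys


def _cpu_limit(seconds):
    """Build a hook that caps CPU time in the child before it starts."""
    def apply():
        # Soft == hard, so the child cannot raise its own limit.
        resource.setrlimit(resource.RLIMIT_CPU, (seconds, seconds))
    return apply


def run_limited(source, wall_seconds=2.0, cpu_seconds=1):
    """Run `source` in a fresh interpreter process under two time limits.

    Returns (status, stdout); status is "ok", "error" or "timeout".
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", source],  # -I: isolated mode
            stdin=subprocess.DEVNULL,
            capture_output=True,
            text=True,
            timeout=wall_seconds,  # wall clock: covers sleep() and blocking I/O
            # CPU time: covers busy loops. Python documents preexec_fn as
            # unsafe when the parent has other threads; a threaded server
            # would set the limit from a small launcher script instead.
            preexec_fn=_cpu_limit(cpu_seconds),
        )
    except subprocess.TimeoutExpired:
        # subprocess.run() has already killed and reaped the child here.
        return "timeout", ""
    if proc.returncode in (-signal.SIGXCPU, -signal.SIGKILL):
        # Killed by the kernel when the CPU limit was reached.
        return "timeout", proc.stdout
    return ("ok" if proc.returncode == 0 else "error"), proc.stdout


if __name__ == "__main__":
    # Constructed sample inputs standing in for code typed into a page.
    for snippet in ("print(6 * 7)", "while True: pass"):
        print(repr(snippet), "->", run_limited(snippet))
```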
