[pypy-dev] Running untrusted code in pypy

Jeff Rush jeff at taupro.com
Tue Feb 20 04:14:05 CET 2007

James Matthews wrote:
> How can you detect such code running ( all the bad code)

A complicated topic that can't be covered in a brief email but Python used to 
have a security model/features:


but there were ways to escape the sandbox.  Perhaps they could be closed but 
no one had the time to carefully study the matter, so it was disabled in 2.3 
and I believe removed in 2.5.

Brett Cannon is re-opening the matter.  You can read about his approach at:


Many in the Python community are excited because it will finally bring 
capability-based security to Python, if it works.

There is also some cross-pollination of ideas re capabilities with the 
one-laptop-per-child project, who recently published their security model. 
They have a lot of Python code to secure, in a potentially hostile 
laptop/network environment.  You can read about their model at:


Ask Ivan Krstić about Bitfrost, whose development he led.  He is giving the 
opening keynote at PyCon on Friday morning.


> On 2/19/07, *Jeff Rush* <jeff at taupro.com <mailto:jeff at taupro.com>> wrote:
>     Vinj Vinj wrote:
>      >
>      > With cPython, I've been told that it is just not going
>      > to be possible. Which is why, I moved to lua for user
>      > models.
>     It sounds like you're going to be at PyCon, so be sure not to miss
>     the talk on
>     Saturday afternoon:
>     Securing Python: "Protecting the interpreter from code wielding
>     fresh fruit."
>     (#41) by Brett Cannon
>     "Python currently has no security model. This talk discusses why
>     this is and
>     how I am fixing the problem."

More information about the Pypy-dev mailing list