[pypy-dev] Running untrusted code in pypy
Jeff Rush
jeff at taupro.com
Tue Feb 20 04:14:05 CET 2007
James Matthews wrote:
> How can you detect such code running ( all the bad code)
A complicated topic that can't be covered in a brief email but Python used to
have a security model/features:
http://www.python.org/doc/2.3.5/lib/restricted.html
but there were ways to escape the sandbox. Perhaps they could be closed but
no one had the time to carefully study the matter, so it was disabled in 2.3
and I believe removed in 2.5.
Brett Cannon is re-opening the matter. You can read about his approach at:
http://tinyurl.com/2sh55f
Many in the Python community are excited because it will finally bring
capability-based security to Python, if it works.
There is also some cross-pollination of ideas re capabilities with the
one-laptop-per-child project, who recently published their security model.
They have a lot of Python code to secure, in a potentially hostile
laptop/network environment. You can read about their model at:
http://wiki.laptop.org/go/Bitfrost
Ask Ivan Krstić about Bitfrost, whose development he led. He is giving the
opening keynote at PyCon on Friday morning.
-Jeff
> On 2/19/07, *Jeff Rush* <jeff at taupro.com <mailto:jeff at taupro.com>> wrote:
>
> Vinj Vinj wrote:
> >
> > With cPython, I've been told that it is just not going
> > to be possible. Which is why, I moved to lua for user
> > models.
>
> It sounds like you're going to be at PyCon, so be sure not to miss
> the talk on
> Saturday afternoon:
>
> Securing Python: "Protecting the interpreter from code wielding
> fresh fruit."
> (#41) by Brett Cannon
>
> "Python currently has no security model. This talk discusses why
> this is and
> how I am fixing the problem."
More information about the Pypy-dev
mailing list