[pypy-dev] pypy-dev at codespeak.net
simon at arrowtheory.com
Wed Sep 19 22:36:43 CEST 2007
On Sun, 19 Aug 2007 12:33:09 +0200
Armin Rigo <arigo at tunes.org> wrote:
> Hi all,
> Those that follow IRC already know it, but it's worth being announced a
> bit more widely: I've been working on a form of sandboxing for RPython
> programs, which now seems to work for the whole of PyPy.
> It's "sandboxing" as in "full virtualization", but done in normal C with
> no OS support at all. It's a two-processes model: we can translate PyPy
> to a special "pypy-c-sandbox" executable, which is safe in the sense
> that it doesn't do any library or system call - instead, whenever it
> would like to perform such an operation, it marshals the operation name
> and the arguments to its stdout and it waits for the marshalled result
> on its stdin. This pypy-c-sandbox process is meant to be run by an
> outer "controller" program that answers to these operation requests.
How is this different to just linking against a libc wrapper (that does
whatever marshal magic is required) ?
More information about the Pypy-dev