[pypy-dev] sandboxed exec function with context passing?

Armin Rigo arigo at tunes.org
Mon Mar 9 17:46:50 CET 2009


Hi Jurgis,

On Sun, Mar 08, 2009 at 01:24:27AM +0200, Jurgis Pralgauskis wrote:
> I would like to use sandboxed pypy for online step by step tutorials...
> 1) I need ability to pass context then.
> 2) and also would be nice to get result as variable not just like output.

There is no way any security mechanism can allow arbitrary objects to be
passed in or out, as this would create a security hole.  In our case, it
is an extreme version of this constraint.  The subprocess is really a
different process, and you communicate with it using only the
(sandboxed) I/O functions.  That means that you must encode everything
as I/O operations (and maybe build nicer abstractions to use on top of
that, but these would have to use the low-level I/O method of exchanging
information).

There is nothing like that built so far, but you can easily use e.g. the
marshal module: marshal the data outside, and send it to the sandboxed
process via a pseudo "file read", and then unmarshal it there.  And the
same in the other direction with a "file write".


A bientot,

Armin.
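
The exchange described in the message above, as an added example (not code from the original post or from PyPy): context is marshalled outside, handed to the child as a byte stream, and the result comes back the same way. It assumes an ordinary subprocess with stdin/stdout pipes standing in for the sandboxed process and its pseudo "file read" / "file write"; CHILD_SOURCE, check_plain, run_with_context and MAX_REPLY are hypothetical names.

```python
import marshal
import subprocess
import sys

# Constructed child program: stands in for code inside the sandbox. It only
# sees a byte stream to read (the context) and one to write (the result).
CHILD_SOURCE = r"""
import marshal, sys
context = marshal.loads(sys.stdin.buffer.read())    # the "file read"
result = {"name": context["name"].upper(), "total": sum(context["values"])}
sys.stdout.buffer.write(marshal.dumps(result))      # the "file write"
"""

PLAIN = (type(None), bool, int, float, str, bytes)
MAX_REPLY = 1 << 20  # assumed cap on bytes accepted back from the child


def check_plain(obj, depth=0):
    """Allow only nested plain data; rejects code objects and anything else."""
    if depth > 8:
        raise ValueError("nesting too deep")
    if isinstance(obj, PLAIN):
        return obj
    if isinstance(obj, (list, tuple)):
        for item in obj:
            check_plain(item, depth + 1)
        return obj
    if isinstance(obj, dict):
        for key, value in obj.items():
            check_plain(key, depth + 1)
            check_plain(value, depth + 1)
        return obj
    raise ValueError("unsupported type: %s" % type(obj).__name__)


def run_with_context(context, timeout=10):
    """Send context in as bytes, get the result back as bytes."""
    payload = marshal.dumps(check_plain(context))
    proc = subprocess.run([sys.executable, "-c", CHILD_SOURCE], input=payload,
                          stdout=subprocess.PIPE, timeout=timeout, check=True)
    # The reply was produced by untrusted code and marshal is not hardened
    # against malformed input: cap its size and type-check what comes out.
    if len(proc.stdout) > MAX_REPLY:
        raise ValueError("reply too large")
    return check_plain(marshal.loads(proc.stdout))


if __name__ == "__main__":
    print(run_with_context({"name": "step1", "values": [1, 2, 3]}))
```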


