[pypy-dev] from the psf board public mailing list.

Da_Blitz pypy at pocketnix.org
Wed Aug 24 13:29:31 CEST 2011


> The United Security Conference is  Sept 19 and 20 in San Francisco.
> http://www.net-security.org/conference.php?id=445  Sept 9 is very
> close for having a proposal ready, and then somebody would have
> to go to SF.  On the other hand, the sandboxing in PyPy is
> definitely innovative, and if they are just announcing their
> contest now, there may not _be_ many other people competing for
> the money.  Of course we would have to find out something to do
> with sandboxing.
> 

If anyone is looking for ideas, I have been playing with 
containers/namespaces and seccomp support on Linux and believe it can 
be applied to sandbox mode with a bit of effort. There are one or two 
issues in regards to memory related syscalls that may need a bit of 
thinking through, but it should tighten the security of sandbox mode 
under Linux a bit more.

It would also be interesting to look into what other security 
primitives Mac OSX and Windows provide, as well as the BSDs, and if 
they can be integrated, and I would be interested in these extra 
features to expand my code.

If anybody wants to play or see what it's about, hit 
http://code.pocketnix.org/asylum
Code is WIP and massive changes over the next couple of weeks are 
possible. At the moment the code is not PyPy specific and can be used 
to isolate CPython in a jail/container.

Containers/namespaces are OS level virtualization: one kernel, multiple 
instances of userspace (think similar to BSD jails or a more fine 
grain OpenVZ).

Seccomp disables all syscalls except sigreturn, read/write and _exit 
to isolate an app and help prevent a malicious program from inflicting 
harm. It was originally conceived so users could rent out CPU cycles.

If someone decides to go with this, I am more than willing to help out 
or get anyone up to speed on it. Or if anyone is interested in general, 
let me know.
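
The seccomp behaviour described in the message above, as an added example that is not part of the original post or of the asylum code: a child process enters seccomp strict mode, and the parent observes what happens when it stays inside or steps outside the permitted syscalls. The function name `run_in_strict_mode` and the `SECCOMP_UNAVAILABLE` status are hypothetical; Linux with glibc is assumed.

```c
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define SECCOMP_UNAVAILABLE (-1)  /* hypothetical status code for this demo */

/* Fork a child, switch it to seccomp strict mode, have it write one byte
 * to a pipe (allowed), then optionally make a syscall outside the allowed
 * set. Returns 0 if the child exited cleanly, the signal number if the
 * kernel killed it, or SECCOMP_UNAVAILABLE if strict mode was refused. */
int run_in_strict_mode(int call_forbidden)
{
    int fds[2], status = 0;
    char byte = 0;
    if (pipe(fds) != 0) return SECCOMP_UNAVAILABLE;
    pid_t pid = fork();
    if (pid < 0) return SECCOMP_UNAVAILABLE;
    if (pid == 0) {
        if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT) != 0)
            _exit(99);                    /* not sandboxed, so _exit() is fine */
        if (write(fds[1], "k", 1) != 1)   /* write(2) stays allowed */
            syscall(SYS_exit, 98);
        if (call_forbidden)
            syscall(SYS_getpid);          /* outside the allowed set: SIGKILL */
        /* glibc's _exit() issues exit_group(2), which strict mode forbids;
         * only the raw exit(2) syscall is permitted. */
        syscall(SYS_exit, 0);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &byte, 1);
    close(fds[0]);
    if (waitpid(pid, &status, 0) != pid)
        return SECCOMP_UNAVAILABLE;
    if (WIFSIGNALED(status))
        return WTERMSIG(status);
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0 && n == 1 && byte == 'k')
        return 0;
    return SECCOMP_UNAVAILABLE;
}

int main(void)
{
    printf("clean=%d forbidden=%d\n", run_in_strict_mode(0), run_in_strict_mode(1));
    return 0;
}
```

Strict mode can be refused (for example when the process already runs under a seccomp filter, as in many container runtimes), which is why the function reports that case separately.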

