[pypy-dev] Sandboxing questions

Maciej Fijalkowski fijall at gmail.com
Fri Jul 15 20:50:59 CEST 2011


On Fri, Jul 15, 2011 at 7:09 PM, VanL <van.lindberg at gmail.com> wrote:
> I have a couple questions about the sandboxing feature:
>
> - Currently this is a two-process model, but early on the assertion was made
> that this could be done in a single process, perhaps but not necessarily
> separated by two OS-level threads. Is this (still?) true? What would you
> need to invoke to create such a pypy?

By design, a single-process thing is slightly less secure. If you, say,
find a way to corrupt random memory, you can modify the other process;
it's still only very slightly less secure, though. The sandboxing
approach should work quite nicely; the hard part would be to get
multiple interpreters running in a single process. It's quite a bit of
work, but I would not expect it to be overly hard to do. It requires
quite a bit of PyPy knowledge, though.

>
> - How granular can the control on imported/run functions be? Can you have a
> full interpreter that does everything, or an interpreter that allows socket
> access and that is it?

It's very granular. Besides memory and CPU limits, you also control
every single call that would normally be a C call, like read, write or
stat, and you can implement arbitrary custom behavior for those
functions.

>
> Thanks,
>
> Van
>
>

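As an added illustration of the controller side described in the reply above (example code written for this page, not PyPy's own sandlib and not from anyone in the thread): the sandboxed process hands each would-be C call to its controller as a marshalled (name, args) pair, and the controller either implements it against a virtual view of the system or refuses it. The single-tuple wire format, the do_* handler naming and the constructed virtual filesystem are assumptions of this sketch, not PyPy's exact protocol.

```python
import io
import marshal

# Constructed virtual filesystem: the only paths the sandboxed program can see.
VIRTUAL_FS = {"/virtual/data.txt": b"hello from the controller\n"}

class Controller:
    """One do_* handler per call the sandboxed program would otherwise make in C;
    a call with no handler (socket, for instance) is refused by serve()."""
    def __init__(self):
        self.fds, self.next_fd, self.stdout = {}, 3, []
    def do_open(self, path, flags, mode):
        if path not in VIRTUAL_FS:
            raise OSError("open denied: " + path)
        fd, self.next_fd = self.next_fd, self.next_fd + 1
        self.fds[fd] = io.BytesIO(VIRTUAL_FS[path])
        return fd

    def do_read(self, fd, size):
        if fd not in self.fds:
            raise OSError("read on unknown fd %d" % fd)
        return self.fds[fd].read(size)

    def do_write(self, fd, data):
        if fd not in (1, 2):  # only the program's own stdout/stderr are writable
            raise OSError("write denied on fd %d" % fd)
        self.stdout.append(data)
        return len(data)

def serve(controller, request, response):
    """Answer one marshalled (fnname, args) request with ('ok', result) or ('err', msg)."""
    fnname, args = marshal.load(request)
    handler = getattr(controller, "do_" + fnname, None)
    try:
        if handler is None:
            raise OSError("call not permitted: " + fnname)
        marshal.dump(("ok", handler(*args)), response)
    except OSError as e:
        marshal.dump(("err", str(e)), response)

def run_script(calls):
    """Play a constructed call sequence through one Controller; return its replies."""
    request, response, ctl = io.BytesIO(), io.BytesIO(), Controller()
    for call in calls:
        marshal.dump(call, request)
    request.seek(0)
    for _ in calls:
        serve(ctl, request, response)
    response.seek(0)
    return [marshal.load(response) for _ in calls]
```

Because every call passes through serve(), a policy that omits a handler (socket here) refuses the call by construction rather than by filtering, which is the property that makes the control as granular as the reply describes.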
