[pypy-dev] Sandbox examples
Armin Rigo
arigo at tunes.org
Wed Sep 21 12:12:14 CEST 2011
Hi Geoffrey,
On Mon, Sep 19, 2011 at 9:40 PM, Geoffrey Thomas <geofft at mit.edu> wrote:
> I'm looking at building a real application using PyPy's sandbox mode, and am
> having a harder time than I'd expect finding any examples of people using
> the sandbox in the "real world".
This is because, as far as I know, nobody ever did anything "real"
with it. At most, a few attempts were discussed but went nowhere,
again to my knowledge.
The basics work and are believed to be extremely secure, but with no
serious review. At least reviewing the few hundreds of lines involved
in sandboxing would be a good idea. It is possible that an extension
module uses directly raw pointers in a buggy way which would not be
caught (workaround: disable most modules); it is also possible that
there is a bug in the JIT assembler generation part (workaround:
disable the JIT).
Right now we are missing interest and use cases to develop it more
ourselves, and truthfully, it should rather be done by someone that
has an interest in serious security. If you want to work in
completing it, we will be happy to provide support :-)
A bientôt,
Armin.
More information about the pypy-dev
mailing list