[PyPy-issue] [issue642] 64bit sandboxes with jit fail during startup

Armin Rigo pypy-dev-issue at codespeak.net
Fri Feb 25 00:24:01 CET 2011


Armin Rigo <armin.rigo at gmail.com> added the comment:

The point of sandboxing is that we can guarantee people that it's safe, for some
definition of safety.  However, for now sandboxing and the JIT are really not
working together nicely -- and the result is not safe in that sense.  If there
is enough interest again for sandboxing (possibly in the form of a
one-month-of-work contract with some company), we could fix it.

More precisely: a sandbox translation is always compiled with some debugging
checks enabled.  The reason is that it's always possible to inject malicious
code like hand-built code objects or regexp objects (just like on CPython); but
with the debugging checks, they cannot do more harm than an assertion failure
(i.e. a sudden exit with an error).  However, the debugging checks are so far
never present in the JIT-generated assembler code.  So a sandboxed translation
with the JIT is not safe.

----------
status: unread -> chatting

_______________________________________________________
PyPy development tracker <pypy-dev-issue at codespeak.net>
<https://codespeak.net/issue/pypy-dev/issue642>
_______________________________________________________


