[Python-3000] Will we have a true restricted exec environmentfor python-3000?

Adam DePrince adam.deprince at gmail.com
Mon Apr 10 20:42:38 CEST 2006


On Sun, 2006-04-09 at 18:06 -0700, Neal Norwitz wrote:
> On 4/9/06, Giovanni Bajo <rasky at develer.com> wrote:
> > Neal Norwitz <nnorwitz at gmail.com> wrote:
<snip>
> >>> r.setrlimit(r.RLIMIT_CPU, (5, 5))
> >>> 10000000000000000000**10000000000000000000
> Cputime limit exceeded
> 
> To defeat this, you can do:  signal.signal(signal.SIGXCPU, signal.SIG_IGN)
> Of course, you would presumably prevent access to the signal module. 
> You could then install your own signal handler and handle this how you
> want
> .

Instead of worrying about how to appropriately cripple CPython to
provide a secure sandbox, perhaps we should be reaching towards PyPy for
this answer?  

Cheers - Adam




More information about the Python-3000 mailing list