[Python-Dev] Sandboxing Python

Greg Ewing greg.ewing at canterbury.ac.nz
Mon Mar 5 22:21:12 CET 2012


Armin Rigo wrote:
> For example, let's assume we can decref
> an object to 0 before its last usage, at address x.  All you need is
> the skills and luck to arrange that the memory at x becomes occupied
> by a new bigger string object allocated at "x - small_number".

That's a lot of assumptions. When you claimed that *any* segfault
bug could be turned into an arbitrary-code exploit, it sounded
like you had a provably general procedure in mind for doing so,
but it seems not.

In any case, I think Victor is right to object to his sandbox
being shot down on such grounds. The same thing equally applies
to any method of sandboxing any computation, whether it involves
Python or not. Even if you fork a separate process running code
written in Befunge, it could be prone to this kind of attack if
there is a bug in it.

What you seem to be saying is "Python cannot be sandboxed,
because any code can have bugs." Or, "Nothing is ever 100% secure,
because the universe is not perfect." Which is true, but not in
a very interesting way.

-- 
Greg

