[Python-Dev] The pysandbox project is broken

Glenn Linderman v+python at g.nevcal.com
Wed Nov 13 01:47:47 CET 2013

On 11/12/2013 4:11 PM, Steven D'Aprano wrote:
> On Wed, Nov 13, 2013 at 12:58:42AM +0100, Victor Stinner wrote:
>>> I now gave up on sandboxing Python. I just would like to warn other
>>> core developers that trying to put a sandbox in Python is not a good
>>> idea:-)
> Do you mean CPython?
> Do you think it would be productive to create an independent Python
> compiler, designed with sandboxing in mind from the beginning?

In reading this thread, which I took as an on-topic dismissal of an 
integrated CPython sandbox, I also wondered if it was a CPython 
implementation issue, or a language design issue.

If it is an implementation issue, then perhaps a different 
implementation would help. Or perhaps a "safe compiler".

If it is a language design issue, then a different implementation 
wouldn't help; it would require a new language, or a restricted subset. 
I'm not sure whether some of the onerous sounding restrictions result 
from language or implementation issues; some of them certainly sounded 
like implementation issues.

A restricted subset, compiled by a validating compiler, might still be a 
useful language, even if the execution speed has to be reduced by a 
validating runtime.

Perhaps exception handling for exceptions hit inside a sandbox needs to 
stop at the sandbox boundary. That is, exceptions within the sandbox 
stay within the sandbox, and exceptions generated due to sandbox calls 
to the implementation need to stay outside the sandbox, and then 
sanitized and limited information passed back in to the sandbox.

Perhaps a different/restricted set of builtins must be provided within 
the sandbox.

These ideas may perhaps still allow a CPython sandbox to be written, or 
may only help a new implementation.

Is there technology in the smartphone OSes that could be applied? iOS 
seems to not even provide a file system to its apps, and there is 
limited sharing of data from one app to the next. Android provides an 
explicit subset of system services to its apps.

Thanks, Victor, for the update on your sandbox efforts. I was hoping you 
would be successful, and then I was wondering if you had abandoned the 
effort, and now I know what the current status is.
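The exception boundary and restricted-builtins ideas sketched in the message above, as an added illustration that is not part of this thread and not pysandbox or CPython code. The names `SandboxError`, `boundary`, `run_in_sandbox`, `lookup` and the `_TABLE` data are constructed for the example. It shows the one subtlety that makes "sanitize and pass limited information back in" harder than it sounds: an exception raised inside an `except` block keeps the original host exception reachable through `__context__` (even with `raise ... from None`), so the sanitized exception has to be raised after the handler has finished.

```python
"""Exception boundary between host code and sandboxed code (added example)."""
import functools


class SandboxError(Exception):
    """Sanitized error delivered into the sandbox: type name and message only."""


def boundary(func):
    """Wrap a host-provided function so host failures never cross the boundary raw.

    Inside the except block the interpreter would chain the host exception
    onto anything we raise (via __context__), which hands the sandboxed code
    the host traceback and its frames.  Building the sanitized exception in
    the handler and raising it *after* the handler avoids that chaining.
    """
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        sanitized = None
        try:
            return func(*args, **kwargs)
        except Exception as exc:  # host-side failure
            sanitized = SandboxError(f"{type(exc).__name__}: {exc}")
        # Raised outside the handler: no __context__, no __cause__, no host traceback.
        raise sanitized
    return wrapper


# A host-side service exposed to the sandbox (constructed for this example).
_TABLE = {"alpha": 1, "beta": 2}


@boundary
def lookup(key):
    """Host function; a missing key is a KeyError on the host side."""
    return _TABLE[key]


# Restricted builtins handed to sandboxed code: no open, __import__, eval, etc.
SAFE_BUILTINS = {
    "len": len, "range": range, "str": str, "int": int, "sum": sum,
    "SandboxError": SandboxError,
}


def run_in_sandbox(source, host_api):
    """Execute `source` with restricted builtins plus the given host functions.

    Returns (True, result) where `result` is whatever the code bound to the
    name `result`, or (False, "ExcType: message") with no traceback object,
    so the host side also receives only summarized failure information.
    """
    namespace = {"__builtins__": dict(SAFE_BUILTINS), **host_api}
    try:
        exec(compile(source, "<sandbox>", "exec"), namespace)
    except Exception as exc:
        return (False, f"{type(exc).__name__}: {exc}")
    return (True, namespace.get("result"))


if __name__ == "__main__":
    print(run_in_sandbox("result = lookup('alpha') + 1", {"lookup": lookup}))
    print(run_in_sandbox("result = lookup('gamma')", {"lookup": lookup}))
    print(run_in_sandbox("result = open('/etc/hostname')", {}))
```

Note what this does and does not give you: the host exception's chain is cut, and `open` is simply not a name inside the sandbox, but the traceback attached to the `SandboxError` when sandboxed code catches it still references interpreter frames (the wrapper's, whose locals include the host function and its globals). Closing that kind of path is the part the thread reports as not working out in CPython, so this is the boundary idea made concrete, not a secure sandbox.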
