[Python-Dev] The pysandbox project is broken
eliben at gmail.com
Wed Nov 13 19:05:56 CET 2013
On Wed, Nov 13, 2013 at 6:58 AM, Brett Cannon <brett at python.org> wrote:
> On Wed, Nov 13, 2013 at 6:30 AM, Facundo Batista <facundobatista at gmail.com
> > wrote:
>> On Wed, Nov 13, 2013 at 4:37 AM, Maciej Fijalkowski <fijall at gmail.com>
>> >> Do you think it would be productive to create an independent Python
>> >> compiler, designed with sandboxing in mind from the beginning?
>> > PyPy sandbox does work FYI
>> > It might not do exactly what you want, but it both provides a full
>> > Python and security.
>> If we have sandboxing using PyPy... what also we need to put Python
> You can try to get PNaCl to work with Python to get a Python executable
> that at least Chrome can run.
1. CPython already works with NaCl and PNaCl (there are working patches in
naclports to build it)
2. It can be used outside Chrome as well, using the standalone "sel_ldr"
tool that will then allow running a sandboxed CPython .nexe from the command
Note that this is a fundamentally different sandboxing model (the whole
interpreter is run in a sandbox), but it's also more secure. PNaCl
shipped publicly yesterday, so Chrome runs native code *from the web* on
your machine - a lot of security research and work went into making this
As for performance, the sandboxing overhead of NaCl is very low (< 10% in