[Python-Dev] The pysandbox project is broken
brett at python.org
Wed Nov 13 19:27:06 CET 2013
On Wed, Nov 13, 2013 at 1:05 PM, Eli Bendersky <eliben at gmail.com> wrote:
> On Wed, Nov 13, 2013 at 6:58 AM, Brett Cannon <brett at python.org> wrote:
>> On Wed, Nov 13, 2013 at 6:30 AM, Facundo Batista <
>> facundobatista at gmail.com> wrote:
>>> On Wed, Nov 13, 2013 at 4:37 AM, Maciej Fijalkowski <fijall at gmail.com>
>>> >> Do you think it would be productive to create an independent Python
>>> >> compiler, designed with sandboxing in mind from the beginning?
>>> > PyPy sandbox does work FYI
>>> > It might not do exactly what you want, but it both provides a full
>>> > python and security.
>>> If we have sandboxing using PyPy... what also we need to put Python
>> You can try to get PNaCl to work with Python to get a Python executable
>> that at least Chrome can run.
> Two corrections:
> 1. CPython already works with NaCl and PNaCl (there are working patches in
> naclports to build it)
Anything that should be upstreamed?
> 2. It can be used outside Chrome as well, using the standalone "sel_ldr"
> tool that will then allow to run a sandboxed CPython .nexe from the command
Sure, but I was just thinking about the "in browser" question Facundo asked
> Note that this is a fundamentally different sandboxing model (the whole
> interpreter is run in a sandbox), but it's also more secure. PNaCl has
> shipped publicly yesterday, so Chrome runs native code *from the web* on
> your machine - a lot of security research and work went into making this
> As for performance, the sandboxing overhead of NaCl is very low (< 10% in
> most cases).
I feel like we need to have a page at python.org (or somewhere) that
provides every which way to run Python from the browser for people to try
the interpreter out as easily as possible.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-Dev