[Python-Dev] The pysandbox project is broken

Eli Bendersky eliben at gmail.com
Wed Nov 13 23:37:46 CET 2013


On Wed, Nov 13, 2013 at 10:27 AM, Brett Cannon <brett at python.org> wrote:

>
>
>
> On Wed, Nov 13, 2013 at 1:05 PM, Eli Bendersky <eliben at gmail.com> wrote:
>
>>
>>
>>
>> On Wed, Nov 13, 2013 at 6:58 AM, Brett Cannon <brett at python.org> wrote:
>>
>>>
>>>
>>>
>>> On Wed, Nov 13, 2013 at 6:30 AM, Facundo Batista <
>>> facundobatista at gmail.com> wrote:
>>>
>>>> On Wed, Nov 13, 2013 at 4:37 AM, Maciej Fijalkowski <fijall at gmail.com>
>>>> wrote:
>>>>
>>>> >> Do you think it would be productive to create an independent Python
>>>> >> compiler, designed with sandboxing in mind from the beginning?
>>>> >
>>>> > PyPy sandbox does work FYI
>>>> >
>>>> > It might not do exactly what you want, but it both provides a full
>>>> > python and security.
>>>>
>>>> If we have sandboxing using PyPy... what also we need to put Python
>>>> running in the browser? (like javascript, you know)
>>>>
>>>> Thanks!
>>>>
>>>
>>> You can try to get PNaCl to work with Python to get a Python executable
>>> that at least Chrome can run.
>>>
>>
>> Two corrections:
>>
>> 1. CPython already works with NaCl and PNaCl (there are working patches
>> in naclports to build it)
>>
>
> Anything that should be upstreamed?
>

Yeah, it definitely could. There are two problems currently: 1) the patches
are for 2.7.x and 2) they have some ugly hacks in them. But I will talk to
the guy who worked on that and hopefully we'll be able to have something
cleaned up for upstreaming into default/3.x

Anyhow, the webstore app is:
https://chrome.google.com/webstore/detail/python/nodpmmidbgeganfponihbgmfcoiibffi

And the code is in: https://code.google.com/p/naclports/wiki/PortList


>
>
>> 2. It can be used outside Chrome as well, using the standalone "sel_ldr"
>> tool that will then allow to run a sandboxed CPython .nexe from the command
>> line
>>
>
> Sure, but I was just thinking about the "in browser" question Facundo
> asked about.
>

Yep, see link above for in-the-browser Python. Same can be done with PNaCl
and not require the web store (this can actually be built by anyone from
the NaCl SDK today).


Eli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20131113/0557b07f/attachment.html>


More information about the Python-Dev mailing list