[Python-Dev] The pysandbox project is broken
victor.stinner at gmail.com
Fri Nov 15 18:34:20 CET 2013
2013/11/15 Trent Nelson <trent at snakebite.org>:
> This sounds a lot like the work I initially did with PyParallel to
> try and intercept/prevent parallel threads mutating main-thread
> I ended up arriving at a much better solution by just relying on
> memory protection; main thread pages are set read-only prior to
> parallel threads being able to run. If a parallel thread attempts
> to mutate a main thread object; a SEH is raised (SIGSEV on POSIX),
> which I catch in the ceval loop and convert into an exception.
Read-only is not enough, an attack must not be able to read sensitive data.
Protections of memory pages sound very low-level, so not very portable :-/
How do you know fif SIGSEGV comes from a legal call (parallel thread
thing) or a real bug?
More information about the Python-Dev