[Python-Dev] The pysandbox project is broken
tismer at stackless.com
Sat Nov 16 02:35:53 CET 2013
On 16.11.13 01:35, Guido van Rossum wrote:
> On Fri, Nov 15, 2013 at 4:31 PM, Nick Coghlan <ncoghlan at gmail.com> wrote:
>
> > "Use an OS level sandbox" *is* better from a security point of
> > view. It's just not portable :P
>
> Honestly, I don't believe in portable security. :-)
>
> BTW, in case it wasn't clear, I think it was a courageous step by
> Victor to declare defeat. Negative results are also results, and they
> need to be published. Thanks Victor!
Sure it was, and it was great to follow Victor's project!
I was about to use it in production, until I saw its flaws, a while back.
Nevertheless, the issue has never been treated as much as to be able to
say "this way you implement that security in Python", whatever "that"
So I think it is worth discussing, and may it just be to identify the levels
of security involved, to help people to even identify their individual
My question is, actually:
Do we need to address this topic, or is it already crystal clear that
like PyPy's approach is necessary and sufficient to solve the common,
problem of "run some script on whatnot, with the following security
IOW: Do we really need a full abstraction, embedded in a virtual OS, or
is there already a compromise that suits 98 percent of the common needs?
I think as a starter, categorizing the expectations of some measure of
would make sense. And I'm asking the people with better knowledge of
than I have. (and not asking those who don't... ;-) )
cheers -- Chris
Christian Tismer :^) <mailto:tismer at stackless.com>
Software Consulting : Have a break! Take a ride on Python's
Karl-Liebknecht-Str. 121 : *Starship* http://starship.python.net/
14482 Potsdam : PGP key -> http://pgp.uni-mainz.de
phone +49 173 24 18 776 fax +49 (30) 700143-0023
PGP 0x57F3BF04 9064 F4E1 D754 C2FF 1619 305B C09C 5A3B 57F3 BF04
whom do you want to sponsor today? http://www.stackless.com/