[Python-Dev] The pysandbox project is broken
fijall at gmail.com
Sat Nov 16 11:53:22 CET 2013
On Fri, Nov 15, 2013 at 6:56 PM, Trent Nelson <trent at snakebite.org> wrote:
> On Tue, Nov 12, 2013 at 01:16:55PM -0800, Victor Stinner wrote:
>> pysandbox cannot be used in practice
>> To protect the untrusted namespace, pysandbox installs a lot of
>> different protections. Because of all these protections, it becomes
>> hard to write Python code. Basic features like "del dict[key]" are
>> denied. Passing an object to a sandbox is not possible to sandbox,
>> pysandbox is unable to proxify arbitary objects.
>> For something more complex than evaluating "1+(2*3)", pysandbox cannot
>> be used in practice, because of all these protections. Individual
>> protections cannot be disabled, all protections are required to get a
>> secure sandbox.
> This sounds a lot like the work I initially did with PyParallel to
> try and intercept/prevent parallel threads mutating main-thread
> I ended up arriving at a much better solution by just relying on
> memory protection; main thread pages are set read-only prior to
> parallel threads being able to run. If a parallel thread attempts
> to mutate a main thread object; a SEH is raised (SIGSEV on POSIX),
> which I catch in the ceval loop and convert into an exception.
> See slide 138 of this: https://speakerdeck.com/trent/pyparallel-how-we-removed-the-gil-and-exploited-all-cores-1
> I'm wondering if this sort of an approach (which worked surprisingly
> well) could be leveraged to also provide a sandbox environment? The
> goals are the same: robust protection against mutation of memory
> allocated outside of the sandbox.
> (I'm purely talking about memory mutation; haven't thought about how
> that could be extended to prevent file system interaction as well.)
> Python-Dev mailing list
> Python-Dev at python.org
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/fijall%40gmail.com
Trent, you should read the mail more carefully. Notably the same
issues that make it impossible to create a sandbox make it impossible
to create pyparaller really work. Being read-only is absolutely not
enough - you can read some internal structures in inconsistent state
that lead to crashes and/or very unexpected behavior even without
PS. We really did a lot of work analyzing how STM-pypy can lead to
conflicts and/or inconsistent behavior.
More information about the Python-Dev