[Python-Dev] The pysandbox project is broken

Maciej Fijalkowski fijall at gmail.com
Sat Nov 16 11:53:22 CET 2013

On Fri, Nov 15, 2013 at 6:56 PM, Trent Nelson <trent at snakebite.org> wrote:
> On Tue, Nov 12, 2013 at 01:16:55PM -0800, Victor Stinner wrote:
>> pysandbox cannot be used in practice
>> ====================================
>> To protect the untrusted namespace, pysandbox installs a lot of
>> different protections. Because of all these protections, it becomes
>> hard to write Python code. Basic features like "del dict[key]" are
>> denied. Passing an object to a sandbox is not possible to sandbox,
>> pysandbox is unable to proxify arbitary objects.
>> For something more complex than evaluating "1+(2*3)", pysandbox cannot
>> be used in practice, because of all these protections. Individual
>> protections cannot be disabled, all protections are required to get a
>> secure sandbox.
>     This sounds a lot like the work I initially did with PyParallel to
>     try and intercept/prevent parallel threads mutating main-thread
>     objects.
>     I ended up arriving at a much better solution by just relying on
>     memory protection; main thread pages are set read-only prior to
>     parallel threads being able to run.  If a parallel thread attempts
>     to mutate a main thread object; a SEH is raised (SIGSEV on POSIX),
>     which I catch in the ceval loop and convert into an exception.
>     See slide 138 of this: https://speakerdeck.com/trent/pyparallel-how-we-removed-the-gil-and-exploited-all-cores-1
>     I'm wondering if this sort of an approach (which worked surprisingly
>     well) could be leveraged to also provide a sandbox environment?  The
>     goals are the same: robust protection against mutation of memory
>     allocated outside of the sandbox.
>     (I'm purely talking about memory mutation; haven't thought about how
>      that could be extended to prevent file system interaction as well.)
>         Trent.
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> https://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: https://mail.python.org/mailman/options/python-dev/fijall%40gmail.com

Trent, you should read the mail more carefully. Notably the same
issues that make it impossible to create a sandbox make it impossible
to create pyparaller really work. Being read-only is absolutely not
enough - you can read some internal structures in inconsistent state
that lead to crashes and/or very unexpected behavior even without
modifying anything.

PS. We really did a lot of work analyzing how STM-pypy can lead to
conflicts and/or inconsistent behavior.


More information about the Python-Dev mailing list