[Python-Dev] Reviving restricted mode?

Victor Stinner victor.stinner at gmail.com
Wed Aug 13 23:25:43 CEST 2014


Hi,

I heard that PyPy sandbox cannot be used out of the box. You have to write
a policy to allow syscalls. The complexity is moved to this policy which is
very hard to write, especially if you only use whitelists.

Correct me if I'm wrong. To be honest, I have never taken a look at this sandbox.

Victor

On Wednesday, 13 August 2014, Steven D'Aprano <steve at pearwood.info> wrote:

> On Thu, Aug 14, 2014 at 02:26:29AM +1000, Chris Angelico wrote:
> > On Wed, Aug 13, 2014 at 11:11 PM, Isaac Morland <ijmorlan at uwaterloo.ca> wrote:
> > > While I would not claim a Python sandbox is utterly impossible, I'm
> > > suspicious that the whole "consenting adults" approach in Python is
> > > incompatible with a sandbox.  The whole idea of a sandbox is to absolutely
> > > prevent people from doing things even if they really want to and know what
> > > they are doing.
>
> The point of a sandbox is that I, the consenting adult writing the
> application in the first place, may want to allow *untrusted others* to
> call Python code without giving them control of the entire application.
> The consenting adults rule applies to me, the application writer, not
> them, the end-users, even if they happen to be writing Python code. If
> they want unrestricted access to the Python interpreter, they can run
> their code on their own machine, not mine.
>
>
> > It's certainly not *fundamentally* impossible to sandbox Python.
> > However, the question becomes one of how much effort you're going to
> > go to and how much you're going to restrict the code.
>
> I believe that PyPy has an effective sandbox, but to what degree of
> effectiveness I don't know.
>
> http://pypy.readthedocs.org/en/latest/sandbox.html
>
> I've had rogue Javascript crash my browser or make my entire computer
> effectively unusable often enough that I am skeptical about claims that
> Javascript in the browser is effectively sandboxed, so I'm doubly
> cautious about Python.
>
>
> --
> Steven