<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 11, 2016 at 8:08 PM, Greg Ewing <span dir="ltr"><<a href="mailto:greg.ewing@canterbury.ac.nz" target="_blank">greg.ewing@canterbury.ac.nz</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">Jon Ribbens wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
So far it looks like blocking "_*" and the frame object attributes<br>
appears to be sufficient.<br>
</blockquote>
<br></span>
Even if your sandbox as it currently exists is secure, it's<br>
only an extremely restricted subset. You seem to be assuming<br>
that if your technique works so far, then it can be extended<br>
to cover a larger subset, but I don't think that's certain.<br></blockquote><div> </div><div>How would you test that? </div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
One problem that's been raised is how to prevent untrusted<br>
code from monkeypatching imported modules. Possibly that<br>
could be addressed by giving the untrusted code a copy of<br>
the module, but I'm not entirely sure -- accidentally<br>
importing two copies of the same source file is a well-known<br>
source of bugs, after all.<br></blockquote><div><br></div><div><a href="https://en.wikipedia.org/wiki/Monkey_patch#Pitfalls">https://en.wikipedia.org/wiki/Monkey_patch#Pitfalls</a><br></div><div><br></div><div>* <a href="https://pypi.python.org/pypi?%3Aaction=search&term=monkeypatch&submit=search">https://pypi.python.org/pypi?%3Aaction=search&term=monkeypatch&submit=search</a></div><div><br></div><div>  * <a href="https://pypi.python.org/pypi/apparmor_monkeys">https://pypi.python.org/pypi/apparmor_monkeys</a></div><div>  * <a href="http://eventlet.net/doc/patching.html#monkeypatching-the-standard-library">http://eventlet.net/doc/patching.html#monkeypatching-the-standard-library</a></div><div>  * <a href="http://www.gevent.org/gevent.monkey.html">http://www.gevent.org/gevent.monkey.html</a></div><div>  * <a href="https://docs.python.org/3/library/asyncio-sync.html#locks">https://docs.python.org/3/library/asyncio-sync.html#locks</a></div><div>  * <a href="https://docs.python.org/2/library/threading.html#lock-objects">https://docs.python.org/2/library/threading.html#lock-objects</a></div><div>  * <a href="https://docs.python.org/2/library/sets.html?highlight=immutable#sets.ImmutableSet">https://docs.python.org/2/library/sets.html?highlight=immutable#sets.ImmutableSet</a></div><div>  * <a href="http://doc.pypy.org/en/latest/stm.html#locks">http://doc.pypy.org/en/latest/stm.html#locks</a></div><div>   - "<span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,'Helvetica Neue',Arial,sans-serif;font-size:16px;line-height:24px;background-color:rgb(252,252,252)"> </span><span style="color:rgb(64,64,64);font-family:Lato,proxima-nova,'Helvetica Neue',Arial,sans-serif;font-size:16px;line-height:24px;background-color:rgb(252,252,252)">Infinite recursion just segfaults for now."</span></div><div>  * <a href="https://github.com/tobgu/pyrsistent">https://github.com/tobgu/pyrsistent</a> #justfoundthis</div><div>    - <a href="https://github.com/tobgu/pyrsistent#invariants">https://github.com/tobgu/pyrsistent#invariants</a></div><div>    - <a href="https://github.com/tobgu/pyrsistent#freeze-and-thaw">https://github.com/tobgu/pyrsistent#freeze-and-thaw</a></div><div>      - freeze, thaw</div><div><br></div><div><div>  * define a @property (and no @propname.setter)</div><div>    - <a href="https://docs.python.org/2/howto/descriptor.html#properties">https://docs.python.org/2/howto/descriptor.html#properties</a></div><div>    - <a href="https://docs.python.org/2/library/functions.html#property">https://docs.python.org/2/library/functions.html#property</a></div></div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
A related, but more difficult problem is that if we allow<br>
the untrusted code to import any pure-Python classes, it<br>
will be able to monkeypatch them. So it seems like it will<br>
need its own copy of those classes as well --</blockquote><div><br></div><div>* <a href="https://docs.python.org/3/library/importlib.html#importlib.__import__">https://docs.python.org/3/library/importlib.html#importlib.__import__</a></div><div>* </div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"> and having<br>
two copies of the same class around is *another* well<br>
known source of bugs.</blockquote><div><br></div><div>One way to reduce the likelihood of this is to</div><div>bundle all dependencies into a self-contained</div><div>PEX ZIP package</div><div>and specify entry points.</div><div><br></div><div>* <a href="http://legacy.python.org/dev/peps/pep-0441/">http://legacy.python.org/dev/peps/pep-0441/</a></div><div>* <a href="https://pex.readthedocs.org/en/stable/buildingpex.html#specifying-entry-points">https://pex.readthedocs.org/en/stable/buildingpex.html#specifying-entry-points</a></div><div>* <a href="https://pex.readthedocs.org/en/stable/buildingpex.html#tailoring-pex-execution-at-build-time">https://pex.readthedocs.org/en/stable/buildingpex.html#tailoring-pex-execution-at-build-time</a></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class=""><font color="#888888"><br>
<br>
-- <br>
Greg</font></span><div class=""><div class="h5"><br>
_______________________________________________<br>
Python-Dev mailing list<br>
<a href="mailto:Python-Dev@python.org" target="_blank">Python-Dev@python.org</a><br>
<a href="https://mail.python.org/mailman/listinfo/python-dev" rel="noreferrer" target="_blank">https://mail.python.org/mailman/listinfo/python-dev</a><br>
Unsubscribe: <a href="https://mail.python.org/mailman/options/python-dev/wes.turner%40gmail.com" rel="noreferrer" target="_blank">https://mail.python.org/mailman/options/python-dev/wes.turner%40gmail.com</a><br>
</div></div></blockquote></div><br></div></div>