Chroot Jail Not Secure for Sandboxing Python?

Paul Boddie paul at boddie.org.uk
Wed Jul 4 01:03:27 CEST 2007


Paul Boddie wrote:
>

[chroot "jail" solutions]

> I don't have the details with me now, but I'll probably upload the
> code in the near future and post some kind of explanation of what it
> does here.

I've now uploaded the code to the Python Package Index:

http://www.python.org/pypi/jailtools

It's a bit unpolished and anyone wanting to experiment with it should
look at the code to see, for example, what each of the test programs
do. I do *not* claim that this is a secure solution: it's an
experiment where a Python process is started with access only to a set
of "approved" modules, whose identity becomes that of a particular
user, and whose environment is that of a chroot "jail", with
"sandboxed" code only then being executed inside that environment.
Anyone looking for something to deploy as a solution should look
elsewhere.

Paul




More information about the Python-list mailing list