Chroot Jail Not Secure for Sandboxing Python?

"Martin v. Löwis" martin at v.loewis.de
Mon Jun 25 07:43:18 CEST 2007


gregpinero at gmail.com schrieb:
> This wiki page suggests using a chroot jail to sandbox Python, but
> wouldn't running something like this in your sandboxed Python instance
> still break you out of the chroot jail:
> 
>  os.execle ('/usr/bin/python','-c','import os; os.execlp("/bin/sh")',
> {})

Depending on how the chroot jail is set up, this command might not
work - in the jail, /bin/sh might not exist.

> or maybe:
> 
>  del os.environ['LD_PRELOAD']
>  os.execl ('/usr/bin/python','-c','import os; os.execlp("/bin/sh")')

How could deleting LD_PRELOAD help? chroot is not a library trick.
It's a mechanism implemented in the operating system.

> So is a chroot jail not adequate for sandboxing Python?

You have to define your threat model. If the threat to prevent is
a malicious user getting at your data, or spreading a virus
through your files, then chroot is perfectly adequate.

Regards,
Martin



More information about the Python-list mailing list