Chroot Jail Not Secure for Sandboxing Python?

gregpinero at gmail.com gregpinero at gmail.com
Mon Jun 25 08:22:25 CEST 2007


On Jun 25, 1:43 am, "Martin v. Löwis" <mar... at v.loewis.de> wrote:
> gregpin... at gmail.com schrieb:
>
> > This wiki page suggests using a chroot jail to sandbox Python, but
> > wouldn't running something like this in your sandboxed Python instance
> > still break you out of the chroot jail:
>
> >  os.execle ('/usr/bin/python','-c','import os; os.execlp("/bin/sh")',
> > {})
>
> Depending on how the chroot jail is set up, this command might not
> work - in the jail, /bin/sh might not exist.

This was my thought too.  I just figured there was something special
about this command that brought one to the "real" Python interpreter
and then to the real "/bin/sh".  That's odd, my ISP seems adamant that
this is a way to break out.  I'll just have to put in the work to test
it locally I guess.

> > So is a chroot jail not adequate for sandboxing Python?
>
> You have to define your threat model. If the threat to prevent is
> a malicious user getting at your data, or spreading a virus
> through your files, then chroot is perfectly adequate.

Yeah, sounds like my threat model.  Maybe prevent someone sending
spam, or DoS from my server too.

-Greg
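
The reply quoted above says that /bin/sh "might not exist" in the jail; for a chrooted process every absolute path, including the target of an absolute symlink, is looked up from the jail directory, and ".." at the jail root stays there. The following is an added example, not code from this thread: the function names and the sample jail are constructed, and it models the lookup lexically without reproducing every kernel error case.

```python
import os
import stat
import tempfile

def resolve_in_jail(jail_root, path, max_links=40):
    """Host path that `path` names for a process chrooted to jail_root."""
    root = os.path.realpath(jail_root)
    split = lambda p: [c for c in p.split("/") if c not in ("", ".")]
    current, pending, links = root, split(path), 0
    while pending:
        part = pending.pop(0)
        if part == "..":  # ".." at the jail root stays at the jail root
            current = root if current == root else os.path.dirname(current)
            continue
        candidate = os.path.join(current, part)
        if os.path.islink(candidate):
            links += 1
            if links > max_links:
                raise OSError("too many symlinks: " + path)
            target = os.readlink(candidate)
            if target.startswith("/"):
                current = root  # absolute targets restart at the jail root
            pending = split(target) + pending
            continue
        current = candidate
    return current

def executable_in_jail(jail_root, path):
    """True if `path`, looked up inside the jail, is an executable regular file."""
    try:
        st = os.lstat(resolve_in_jail(jail_root, path))
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and bool(st.st_mode & 0o111)

def build_sample_jail():
    """Constructed sample jail: has an interpreter, has no shell."""
    jail = tempfile.mkdtemp(prefix="jail-")
    os.makedirs(os.path.join(jail, "usr", "bin"))
    interp = os.path.join(jail, "usr", "bin", "python")
    open(interp, "w").close()  # empty placeholder file standing in for the binary
    os.chmod(interp, 0o755)
    os.symlink("/usr/bin/python", os.path.join(jail, "py"))  # absolute link
    return jail

if __name__ == "__main__":
    jail = build_sample_jail()
    for p in ("/usr/bin/python", "/bin/sh", "/py", "/../../bin/sh"):
        print(p, "->", resolve_in_jail(jail, p), executable_in_jail(jail, p))
```

Run against a real jail directory, `executable_in_jail` shows which interpreters and shells a jailed process could actually exec, which is the set to minimise when building the jail.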





