Simple Python Sandbox

Stephen Hansen me+list/python at ixokai.io
Fri Aug 20 22:13:52 EDT 2010 

On 8/16/10 7:01 AM, Roland Koebler wrote:
> On Sat, Aug 14, 2010 at 08:01:00PM -0700, Stephen Hansen wrote:
>>> As you can see, black listing isn't the best approach here.
>>
>> But I have a two pronged strategy: the black list is only half of the
>> equation. One, I'm blacklisting all the meta functions out of builtins.
> But blacklists are *never* secure. Sorry, but you should fully understand
> this before even thinking about more detailed security.

And whitelists are never secure, either.

There is no such thing as perfectly secure, no. But that is not a goal
that I've set for this at all. There's more secure, less secure, more
likely to provide a vector for attack, less likely to provide a vector
for attack. Every security precaution does end up having a cost: every
one weakens the resulting environment or makes something someone wants
to do legitimately more hard. Security is always a trade off.

The goal is "secure enough" -- and what 'enough' is is going to vary a
lot depending on different people's needs. If I were in a situation
where I'm executing arbitrary code gathered off of the 'net, that'd be a
very different demand and I'd be a lot more keen on finding a perfect
sand box (and thus would simply not use Python).

That isn't the case here; my relatively untrusted users are uniquely and
specifically identifyable and trackable, their interface to the system
is logged and actions recorded. There's no money involved in this
system, nor possibility that someone could use it to get higher tier
access on the parent machine: if someone gets through the sandbox, it'll
be a nuisance, hurt some people's enjoyment, harm a community, but
really-- it should be able to be fixed pretty rapidly, and then that
person utterly locked out.

I just want a sandbox that is good enough that it'd be really hard for
someone to do that. That's all. Minimize how many times I have to go fix
up something. :)

> Why are you blacklisting the "known-bad" functions instead of whitelising
> the allowed ones??

Because that would annoy some of the other users, who think the status
quo isn't really all that bad and that I'm paranoid :)

Me, I'm going to go farther on my own installation and kill import
entirely, and do a sort of require() which returns a special proxied
version of an imported module only if its on a pre-allowed white-list,
and even then each individual member of said module will have to be
white-listed specifically, too.

But in general, I just want a better sandbox that starts things off
without getting in anyone's way to do totally legitimate sorts of things.

-- 

   Stephen Hansen
   ... Also: Ixokai
   ... Mail: me+list/python (AT) ixokai (DOT) io
   ... Blog: http://meh.ixokai.io/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/python-list/attachments/20100820/0ad02f4c/attachment.sig>

More information about the Python-list mailing list