Challenge: escape from the pysandbox

Victor Stinner victor.stinner at haypocalc.com
Sun Feb 28 17:43:07 CET 2010


Le samedi 27 février 2010 18:37:22, Daniel Fetchinson a écrit :
> It's google's hosting solution called app engine, for python web
> applications: http://code.google.com/appengine/docs/python/gettingstarted/
> 
> I guess they also have some kind of a sandbox if they let people run
> python on their machines, I'm not sure if it's open source though.

Yes, Google AppEngine has its Python sandbox and the source code is available 
online. I don't know the license. I found 7 vulnerabilities in 1 hour :-) I 
contacted Google security team.

To answer to your question "How is [AppEngine] different from your project?":

 * pysanbox has an import whitelist, whereas AppEngine has an import blacklist 
(subprocess, socket, ... builtin modules are replaced by safe versions). 
Import a Python module written in C is forbidden. 
 * Import a module in AppEngine imports all symbols, whereas pysandbox uses 
also a symbol whitelist.
 * AppEngine doesn't have proxies, all objects are modifiable (eg. sys.path)

There are other differences, but I prefer to wait for the answer from Google 
before telling you more :)

AppEngine sandbox and pysandbox projects are very close: most protections are 
based on blacklists, whereas RestrictedPython is only based on whitelists.

-- 
Victor Stinner
http://www.haypocalc.com/



More information about the Python-list mailing list