Challenge: escape from the pysandbox

Victor Stinner victor.stinner at
Sun Feb 28 17:43:07 CET 2010

On Saturday 27 February 2010 18:37:22, Daniel Fetchinson wrote:
> It's google's hosting solution called app engine, for python web
> applications:
> I guess they also have some kind of a sandbox if they let people run
> python on their machines, I'm not sure if it's open source though.

Yes, Google AppEngine has its Python sandbox and the source code is available 
online. I don't know the license. I found 7 vulnerabilities in 1 hour :-) I 
contacted Google's security team.

To answer your question "How is [AppEngine] different from your project?":

 * pysandbox has an import whitelist, whereas AppEngine has an import blacklist 
(subprocess, socket, ... builtin modules are replaced by safe versions). 
Importing a Python module written in C is forbidden. 
 * Importing a module in AppEngine imports all symbols, whereas pysandbox also 
uses a symbol whitelist.
 * AppEngine doesn't have proxies, all objects are modifiable (e.g. sys.path)

There are other differences, but I prefer to wait for the answer from Google 
before telling you more :)

The AppEngine sandbox and pysandbox projects are very close: most protections are 
based on blacklists, whereas RestrictedPython is only based on whitelists.

Victor Stinner

More information about the Python-list mailing list
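The two checks Victor contrasts above (a module whitelist plus a per-module symbol whitelist, as opposed to a blacklist that swaps in "safe" replacement modules) can be shown in a few lines of Python. The block below is an added illustration written for this page; it is not pysandbox's or AppEngine's code, and the policy table, `whitelist_import`, `run_sandboxed` and the sample untrusted snippets are all constructed for the example. It routes the sandboxed program's `import` statements through a replacement `__import__` that refuses any module not on the list and hands back a fresh module object carrying only the listed names, so unlisted attributes of the real module are never reachable through that path.

```python
"""Import whitelist with a per-module symbol whitelist.

Added example, not pysandbox's own code. The policy table, the function
names and the sample untrusted snippets are constructed for illustration.
"""
import importlib
import types

# Constructed policy: module -> set of symbols a sandboxed program may see.
# A module that is absent here cannot be imported at all; a listed module
# exposes only its listed names (symbol whitelist, not just a module one).
IMPORT_WHITELIST = {
    "math": {"sqrt", "pi", "floor"},
    "string": {"ascii_letters", "digits"},
}


class SandboxImportError(ImportError):
    """Raised when sandboxed code asks for something outside the policy."""


def _restricted_view(real_module, allowed_names):
    """Return a new module object holding only the whitelisted attributes.

    The real module object is never handed to sandboxed code, which is the
    difference from a blacklist that patches the real module in place and
    leaves every other attribute exposed.
    """
    view = types.ModuleType(real_module.__name__)
    for name in allowed_names:
        setattr(view, name, getattr(real_module, name))
    return view


def whitelist_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Drop-in replacement for __import__ with two checks.

    (1) the module must be on IMPORT_WHITELIST;
    (2) every name in a `from mod import X` (including '*') must be on that
        module's symbol whitelist.
    """
    if level != 0:
        raise SandboxImportError("relative imports are not allowed")
    allowed = IMPORT_WHITELIST.get(name)
    if allowed is None:
        raise SandboxImportError(f"import of {name!r} is not whitelisted")
    for symbol in fromlist or ():
        if symbol not in allowed:
            raise SandboxImportError(
                f"{name}.{symbol} is not on the symbol whitelist")
    return _restricted_view(importlib.import_module(name), allowed)


def run_sandboxed(source):
    """Execute untrusted source with only a tiny builtins table.

    The `import` statement looks up `__import__` in the frame's builtins, so
    installing whitelist_import there confines the hook to this exec() call.
    Returns ("ok", namespace) or ("denied", reason).
    """
    safe_builtins = {"__import__": whitelist_import, "len": len, "range": range}
    namespace = {"__builtins__": safe_builtins}
    try:
        exec(source, namespace)
    except SandboxImportError as exc:
        return ("denied", str(exc))
    return ("ok", {k: v for k, v in namespace.items() if k != "__builtins__"})


if __name__ == "__main__":
    # Constructed untrusted snippets: one allowed, three refused.
    for snippet in ("import math\nr = math.sqrt(16)",
                    "import socket",
                    "from math import cos",
                    "from math import *"):
        print(repr(snippet), "->", run_sandboxed(snippet)[0])
```

The whitelist view also closes the `from mod import *` route, since `*` is treated like any other unlisted symbol, and a plain `import math` gives the sandboxed code a module with no `cos`, `__loader__` or other attributes beyond the three names in the policy.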