Challenge: escape from the pysandbox
Victor Stinner
victor.stinner at haypocalc.com
Tue Mar 2 21:42:51 EST 2010
Le dimanche 28 février 2010 17:43:07, Victor Stinner a écrit :
> Yes, Google AppEngine has its Python sandbox and the source code is
> available online. I don't know the license. I found 7 vulnerabilities in 1
> hour :-) I contacted Google security team. (...) There are other
> differences, but I prefer to wait for the answer from
> Google before telling you more :)
Google answered me. I misunderstood AppEngine sandbox. It's not a Python
sandbox.
AppEngine sandbox is just a tool helping developers to test programs without
the "real" (OS) sandbox. Their Python sandbox *emulates* the real sandbox, and
so it's completly different to pysandbox.
--
Victor Stinner
http://www.haypocalc.com/
More information about the Python-list
mailing list