Challenge: escape from the pysandbox

Victor Stinner victor.stinner at haypocalc.com
Tue Mar 2 21:42:51 EST 2010


Le dimanche 28 février 2010 17:43:07, Victor Stinner a écrit :
> Yes, Google AppEngine has its Python sandbox and the source code is
>  available online. I don't know the license. I found 7 vulnerabilities in 1
>  hour :-) I contacted Google security team. (...) There are other
>  differences, but I prefer to wait for the answer from
>  Google before telling you more :)

Google answered me. I misunderstood AppEngine sandbox. It's not a Python 
sandbox.

AppEngine sandbox is just a tool helping developers to test programs without 
the "real" (OS) sandbox. Their Python sandbox *emulates* the real sandbox, and 
so it's completly different to pysandbox.

-- 
Victor Stinner
http://www.haypocalc.com/



More information about the Python-list mailing list