Creating a reliable sandboxed Python environment
Chris Angelico
rosuav at gmail.com
Thu May 28 14:51:07 EDT 2015
On Fri, May 29, 2015 at 4:41 AM, Stefan Behnel <stefan_ml at behnel.de> wrote:
> davidfstr at gmail.com schrieb am 26.05.2015 um 04:24:
>> Has anyone on this list attempted to sandbox Python programs in a
>> serious fashion? I'd be interested to hear your approach.
>
> Not quite sandboxing Python, but I've seen people use my Lupa [1] library
> for this. They're writing all their code in Python, and then let users
> embed their own Lua code into it to script their API. The Lua runtime is
> apparently quite good at sandboxing, and it's really small, just some 600KB
> or so. Lupa then lets you easily control the access to your Python code at
> a whitelist level by intercepting all Python attribute lookups.
>
> It doesn't add much to your application to embed Lua (or even LuaJIT) in
> Python, and it gives users a nicely object oriented language to call and
> orchestrate your Python objects.
Lua's a much weaker language than Python is, though. Can it handle
arbitrary-precision integers? Unicode? Dare I even ask,
arbitrary-precision rationals (fractions.Fraction)? Security comes at
a price, I guess.
ChrisA
More information about the Python-list
mailing list