Creating a reliable sandboxed Python environment

Steven D'Aprano steve at pearwood.info
Sat May 30 19:52:29 EDT 2015


On Sat, 30 May 2015 09:24 pm, Laura Creighton wrote:

> In a message of Sat, 30 May 2015 19:00:14 +1000, "Steven D'Aprano" writes:
>>I wouldn't have imagined that the claim "it's easier to secure a small
>>language with a few features than a big language with lots of features"
>>would have been so controversial. I wonder if this claim will be equally
>>as controversial?
>>
>>There is a rough correlation between the number of lines of code in a code
>>base, and the number of potential security holes that need to be guarded
>>against.
> 
> Maybe these aren't controversial if you are doing language level
> sandboxing, but you don't have to sandbox like that.  Consider, for a
> moment, the sandboxing technique used by PyPy
> discussed at
> 
> http://pypy.readthedocs.org/en/latest/sandbox.html
> 
> You think it is way cool, but, alas, you want to sandbox some other
> language than Python.

How many PyPy sandboxes are being used with hostile users motivated to break
out of the sandbox?

"I wrote a sandbox which I can't break out of" is different from "I wrote a
sandbox which nobody can break out of". Javascript is sandboxed, but due to
bugs in implementations, Javascript-based exploits are now heavily used by
malware. There are possibly even more Javascript-based exploits than buffer
overflow based exploits these days, as C programmers get better at using
automated tools that check for buffer overflows.



-- 
Steven