import question

Chris Angelico rosuav at gmail.com
Thu Nov 18 21:18:19 EST 2021


On Fri, Nov 19, 2021 at 11:24 AM Dan Stromberg <drsalists at gmail.com> wrote:
>
>
> On Thu, Nov 18, 2021 at 12:21 PM Chris Angelico <rosuav at gmail.com> wrote:
>>
>> If you're trying to make a Python-in-Python sandbox, I recommend not.
>> Instead, use an OS-level sandbox (a chroot, probably some sort of CPU
>> usage limiting, etc), and use that to guard the entire Python process.
>> Python-in-Python will basically *never* be secure.
>
>
> Good advice to not try to sandbox python.
>
> But chroot can sometimes be broken out of.  It isn't a cure-all.
>

That's true, but it's way better than attempting Python-in-Python
sandboxing. In any case, all the options worth investigating will be
at the OS level.

(Or maybe higher, but I can't imagine it being practical to create
individual VMs for each client who comes to the web site.)

ChrisA
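
The OS-level approach recommended in this thread, sketched for the "CPU usage limiting" part only (an added example, not code from any poster in the thread): the untrusted source runs in a separate interpreter whose CPU time and address space are capped by the kernel through `setrlimit`. The limit values and the names `run_limited` and `describe` are assumptions made for illustration; it is POSIX-only and does not provide the filesystem isolation that a chroot or container adds.

```python
import os
import resource
import signal
import subprocess
import sys
import tempfile

# Assumed limits for illustration; tune them for the real workload.
CPU_SOFT, CPU_HARD = 1, 2            # seconds of CPU time
MEMORY_BYTES = 512 * 1024 ** 2       # address-space cap


def _apply_limits():
    # Runs in the child after fork() and before exec(), so the kernel
    # enforces the limits no matter what the untrusted code does.
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SOFT, CPU_HARD))
    resource.setrlimit(resource.RLIMIT_AS, (MEMORY_BYTES, MEMORY_BYTES))
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))


def run_limited(source, wall_timeout=10):
    """Run source in a separate interpreter; return (returncode, stdout)."""
    # Pass only what the interpreter needs, not the parent's secrets.
    env = {k: os.environ[k] for k in ("PATH", "LD_LIBRARY_PATH")
           if k in os.environ}
    with tempfile.TemporaryDirectory() as workdir:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", source],  # -I: isolated mode
            cwd=workdir, env=env, stdin=subprocess.DEVNULL,
            capture_output=True, text=True,
            timeout=wall_timeout, preexec_fn=_apply_limits,
        )
    return proc.returncode, proc.stdout


def describe(returncode):
    # subprocess reports death by signal N as returncode -N.
    if returncode < 0:
        return "killed by " + signal.Signals(-returncode).name
    return "exited with status %d" % returncode


if __name__ == "__main__":
    for label, code in [("benign", "print(6 * 7)"),
                        ("busy loop", "while True: pass")]:
        rc, out = run_limited(code)
        print(label, "->", describe(rc), repr(out))
```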

