import question
Dan Stromberg
drsalists at gmail.com
Thu Nov 18 23:00:10 EST 2021
On Thu, Nov 18, 2021 at 6:19 PM Chris Angelico <rosuav at gmail.com> wrote:
> On Fri, Nov 19, 2021 at 11:24 AM Dan Stromberg <drsalists at gmail.com>
> wrote:
> >
> >
> > On Thu, Nov 18, 2021 at 12:21 PM Chris Angelico <rosuav at gmail.com>
> wrote:
> >>
> >> If you're trying to make a Python-in-Python sandbox, I recommend not.
> >> Instead, use an OS-level sandbox (a chroot, probably some sort of CPU
> >> usage limiting, etc), and use that to guard the entire Python process.
> >> Python-in-Python will basically *never* be secure.
> >
> >
> > Good advice to not try to sandbox python.
> >
> > But chroot can sometimes be broken out of. It isn't a cure-all.
> >
>
> That's true, but it's way better than attempting Python-in-Python
> sandboxing. In any case, all the options worth investigating will be
> at the OS level.
>
> (Or maybe higher, but I can't imagine it being practical to create
> individual VMs for each client who comes to the web site.)
>
Actually, there are ports of CPython and Micropython that run inside a web
browser over WASM. Going with one of these might be safer.
More information about the Python-list
mailing list