[python-uk] [dw at hmmz.org: Re: Python sandboxing (last week's dojo challenge)]

David Wilson dw+python-uk at hmmz.org
Sun Apr 10 19:19:41 EDT 2016


On Mon, Apr 11, 2016 at 12:13:07AM +0100, Jon Ribbens wrote:

> > I guess it goes without saying, but just in case, the core team gave up
> > on any possibility of in-process sandboxing a very long time ago, and
> > all popular implementations are designed with pretty much zero regard
> > for this use case.

Just checking, but did you see the work of 'tav'? He's a Brit, he might
even be on this list. It took the same 'syntactic cleansing' approach
that I suppose you are attempting with the ast module, and was discussed
at great length on the python-dev list circa 2009-2010ish (IIRC).

The problem isn't hiding dangerous names, it is the composition of
things you aren't expecting (which is why I mentioned App Engine). A
simple example which you probably already know of is the ctypes module,
it allows total violation of memory safety.

But ctypes is not the only place you find such things, they pop up all
over the place. CPython puts a lot of effort into, but nonetheless often
fails at things like, negative integers where positive integers are
expected (IIRC there are CVEs from 2014 for a core API helper that had a
problem with negative integers). Given an API that hands the user some
object that underneath is wrapping a buffer (say, lxml), and given a
single method of maybe 10 that in some corner case can be convinced to
walk off the end of that buffer and you have a problem.

Python is app-level software, it's not designed with Mallory in mind.
It's written by some smart folk, but their interests most of the time
lie in coping with cluelessly evil developers rather than cluefully evil
hackers.


> That link has already got some fairly neat code in it, although as
> they mention it leaks the parent process's memory to the child, which
> makes it useless in my opinion. It really needs to be using exec(),
> but that's obviously hard to do in a generic library.

The intermediary script is about 5 lines long :)  I wrote the article.

All the best,


David
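As an added illustration of the out-of-process approach the reply argues for (this is example code, not the article's intermediary script nor anything from either author): the untrusted source is handed to a freshly exec()'d interpreter with its own resource limits, so the child never shares the parent's memory or environment. The limit values and the helper names are assumptions, and the block is POSIX-only.

```python
import resource
import subprocess
import sys

# Constructed limits for the child interpreter (tune per deployment).
MAX_CPU_SECONDS = 2
MAX_ADDRESS_SPACE = 512 * 1024 * 1024
MAX_OUTPUT_BYTES = 64 * 1024


def _limit_child() -> None:
    """Runs in the child between fork() and exec(): clamp resource limits."""
    resource.setrlimit(resource.RLIMIT_CPU, (MAX_CPU_SECONDS, MAX_CPU_SECONDS))
    resource.setrlimit(resource.RLIMIT_AS, (MAX_ADDRESS_SPACE, MAX_ADDRESS_SPACE))
    resource.setrlimit(resource.RLIMIT_NPROC, (0, 0))   # child may not fork
    resource.setrlimit(resource.RLIMIT_FSIZE, (0, 0))   # child may not write files


def run_untrusted(source: str, wall_timeout: float = 5.0) -> dict:
    """Execute `source` in a separate, freshly exec()'d interpreter.

    subprocess fork()s and immediately exec()s a new python binary, so the
    parent's heap is never visible to the child. -I (isolated mode) ignores
    PYTHON* variables and the user site dir; -S skips site.py; env={} means
    no inherited secrets or PYTHONPATH; stdin is closed; cwd is /.
    """
    proc = subprocess.Popen(
        [sys.executable, "-I", "-S", "-c", source],
        stdin=subprocess.DEVNULL,
        stdout=subprocess.PIPE,
        stderr=subprocess.PIPE,
        preexec_fn=_limit_child,
        env={},
        cwd="/",
    )
    try:
        out, err = proc.communicate(timeout=wall_timeout)
        timed_out = False
    except subprocess.TimeoutExpired:
        proc.kill()                      # hard wall-clock cut-off
        out, err = proc.communicate()
        timed_out = True
    return {
        "returncode": proc.returncode,
        "stdout": out[:MAX_OUTPUT_BYTES].decode(errors="replace"),
        "stderr": err[:MAX_OUTPUT_BYTES].decode(errors="replace"),
        "timed_out": timed_out,
    }
```

Process separation bounds what a memory-safety bug in the child can reach, but it is not a complete sandbox on its own; network access and the filesystem still need to be restricted by the OS (namespaces, seccomp, a dedicated uid) rather than by the script.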

