[Python-Dev] Sandboxing Python
Victor Stinner
victor.stinner at gmail.com
Sat Mar 3 22:37:54 CET 2012
More information about the Python-Dev mailing list
Sat Mar 3 22:37:54 CET 2012
- Previous message: [Python-Dev] Sandboxing Python
- Next message: [Python-Dev] Sandboxing Python
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, Le 03/03/2012 20:13, Armin Rigo a écrit : >>> I challenge anymore to break pysandbox! I would be happy if anyone >>> breaks it because it would make it more stronger. > > I tried to run the files from Lib/test/crashers and --- kind of > obviously --- I found at least two of them that still segfaults > execfile.py, sometimes with minor edits and sometimes directly, on > CPython 2.7. As described in the README file of pysandbox, pysandbox doesn't protect against vulnerabilities or bugs in Python. > As usual, I don't see the point of "challenging" us when we have > crashers already documented. Also, it's not like Lib/test/crashers > contains in detail *all* crashers that exist; some of them are of the > kind "there is a general issue with xxx, here is an example". > > If you are not concerned about segfaults but only real attacks, then > fine, I will not spend the hours necessary to turn the segfault into a > real attack :-) You may be able to exploit crashers, but I don't plan to workaround such CPython bug in pysandbox. I'm looking for vulnerabilities in pysandbox, not in CPython. Victor
- Previous message: [Python-Dev] Sandboxing Python
- Next message: [Python-Dev] Sandboxing Python
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list