[Python-Dev] Sandboxing Python
Victor Stinner
victor.stinner at gmail.com
Fri Mar 9 01:38:11 CET 2012
More information about the Python-Dev mailing list
Fri Mar 9 01:38:11 CET 2012
- Previous message: [Python-Dev] Sandboxing Python
- Next message: [Python-Dev] Compiling Python on Linux with Intel's icc
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 01/03/2012 22:59, Victor Stinner wrote: >> I challenge anymore to break pysandbox! I would be happy if anyone >> breaks it because it would make it more stronger. Results, one week later. Nobody found a vulnerability giving access to the filesystem or to the sandbox. Armin Rigo complained that CPython has known "crasher" bugs. Except of the compiler recursion, I fixed those bugs in CPython 3.3. Serhiy Storchaka found a bug in the pysandbox timeout: long operations implemented in C hangs the sandbox, the timeout contrain is not applied. Guido proposed to abort the process (use the default SIGALRM action). I proposed to add an option to use a subprocess. Both solutions are not exclusive. Armin Rigo also noticed that PyPy sandbox design is more robust than pysandbox design, I agree with him even if I think a CPython sandbox is useful and users ask for such protection. I have no idea how many developers tried to break the pysandbox security. Victor
- Previous message: [Python-Dev] Sandboxing Python
- Next message: [Python-Dev] Compiling Python on Linux with Intel's icc
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list