On Wed, Jan 26, 2005 at 10:23:03AM -0700, Steven Bethard wrote: > Jack Diederich wrote: > >Yes, this comes up every couple months and there is only one answer: > >This is the job of the OS. > >Java largely succeeds at doing sandboxy things because it was written that > >way from the ground up (to behave both like a program interpreter and an > >OS). > >Python the language was not, and the CPython interpreter definitely was > >not. > > > >Search groups.google.com for previous discussions of this on c.l.py > > Could you give some useful queries? Every time I do this search, I get > a few results, but never anything that really goes into the security > holes in any depth. (They're ususally something like -- "look, given > object, I can get int" not "look, given object, I can get eval, > __import__, etc.)
A search on "rexec bastion" will give you most of the threads, search on "rexec bastion diederich" to see the other times I tried to stop the threads by reccomending reading the older ones *wink*. Thread subjects: Replacement for rexec/Bastion? Creating a capabilities-based restricted execution system Embedding Python in Python killing thread ? -Jack -- http://mail.python.org/mailman/listinfo/python-list
