Nick Coghlan <[EMAIL PROTECTED]> wrote: ... > > If you _can_ execute (whatever) in a separate process, then an approach > > based on BSD's "jail" or equivalent features of other OS's may be able > > to give you all you need, without needing other restrictions to be coded > > in the interpreter (or whatever else you run in that process). > > I think that's where these discussion have historically ended. . . making a > Python-specific sandbox gets complicated enough that it ends up making more > sense to just use an OS-based sandbox that lets you execute arbitrary binaries > relatively safely. > > The last suggestion I recall along these lines was chroot() plus a monitoring > daemon that killed the relevant subprocess if it started consuming too much > memory or looked like it had got stuck in an infinite loop.
"Yes, but" -- that ``if'' at the start of this quote paragraph of mine is, I believe, a meaningful qualification. It is not obvious to me that all applications and platforms can usefully execute untrusted Python code in a separate jail'd process; so, I think there would still be use cases for an in-process sandbox, although it's surely true that making one would not be trivial. Alex -- http://mail.python.org/mailman/listinfo/python-list
