Le samedi 27 février 2010 18:37:22, Daniel Fetchinson a écrit : > It's google's hosting solution called app engine, for python web > applications: http://code.google.com/appengine/docs/python/gettingstarted/ > > I guess they also have some kind of a sandbox if they let people run > python on their machines, I'm not sure if it's open source though.
Yes, Google AppEngine has its Python sandbox and the source code is available online. I don't know the license. I found 7 vulnerabilities in 1 hour :-) I contacted Google security team. To answer to your question "How is [AppEngine] different from your project?": * pysanbox has an import whitelist, whereas AppEngine has an import blacklist (subprocess, socket, ... builtin modules are replaced by safe versions). Import a Python module written in C is forbidden. * Import a module in AppEngine imports all symbols, whereas pysandbox uses also a symbol whitelist. * AppEngine doesn't have proxies, all objects are modifiable (eg. sys.path) There are other differences, but I prefer to wait for the answer from Google before telling you more :) AppEngine sandbox and pysandbox projects are very close: most protections are based on blacklists, whereas RestrictedPython is only based on whitelists. -- Victor Stinner http://www.haypocalc.com/ -- http://mail.python.org/mailman/listinfo/python-list
