On Sunday, 28 February 2010 at 23:40:59, Daniel Fetchinson wrote:
> >> I guess they also have some kind of a sandbox if they let people run
> >> python on their machines, I'm not sure if it's open source though.
> >
> > Thing is, I'm sure that Google uses a critical backstop to any
> > Python-based sandbox: something like a chroot jail. The Python sandbox
> > is mostly there to inform you about what you can and can't do; the real
> > security is provided by the OS.
>
> I see, makes perfect sense. This then raises the question whether it's
> important to have a 100% foolproof python sandbox without help from
> the OS, or this goal is not only too ambitious but also not really a
> useful one.

This is just impossible :-) PHP tried that but it's too hard to write an exhaustive blacklist because too much code has to be modified. If you require a 100% foolproof sandbox, you have to use a sandbox between the Python process and the OS (and not inside the Python process).

> One aspect might be that one might want to have a platform
> independent way of sandboxing, perhaps.

The problem has to be split in two parts: protect access to OS resources (files, network, etc.) and protect access to Python objects (e.g. create a read-only view of objects injected into the sandbox). An "OS sandbox" cannot protect objects inside the Python object. And pysandbox cannot protect all access to OS resources (but I try to do that :-)).

pysandbox is a possible solution to the second problem: control Python object space.

--
Victor Stinner
http://www.haypocalc.com/
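The "read-only view of objects injected into the sandbox" idea from the message above, as an added example that is not pysandbox's own code: a transitive proxy that forwards reads, refuses writes, and hides underscore attributes so the raw object cannot be reached through the view. The `Config` object is a constructed sample.

```python
# Added example (not pysandbox code): a read-only view of an object injected
# into a sandbox, the "control Python object space" half of the split above.

_IMMUTABLE = (int, float, complex, str, bytes, bool, type(None), frozenset)


class ReadOnlyProxy:
    """Forward reads to the wrapped object, refuse every mutation.

    Nested values are wrapped on the way out, so the view is transitive.
    Calls are not forwarded: a bound method such as list.append would
    mutate the target through the view.
    """
    __slots__ = ("_target",)

    def __init__(self, target):
        object.__setattr__(self, "_target", target)

    def __getattribute__(self, name):
        if name.startswith("_"):
            # _target, __dict__, __class__ ... would leak the raw object
            raise AttributeError(name)
        return read_only(getattr(object.__getattribute__(self, "_target"), name))

    def __setattr__(self, name, value):
        raise AttributeError("read-only view: cannot set %r" % name)

    def __getitem__(self, key):
        return read_only(object.__getattribute__(self, "_target")[key])

    def __setitem__(self, key, value):
        raise TypeError("read-only view: cannot assign item %r" % (key,))


def read_only(obj):
    """Immutable scalars pass through unchanged; anything else is proxied."""
    return obj if isinstance(obj, _IMMUTABLE) else ReadOnlyProxy(obj)


def raises(fn, exc):
    """True if calling fn raises exc (used by the checks that follow)."""
    try:
        fn()
    except exc:
        return True
    return False


class Config:
    """Constructed sample object handed to untrusted code."""
    def __init__(self):
        self.name = "prod"
        self.hosts = ["db1", "db2"]
```

Note that this only controls the Python object space, as the message says; file and network access still needs an OS-level sandbox around the process.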