On Fri, Oct 14, 2011 at 5:49 PM, alex23 <wuwe...@gmail.com> wrote: > On Oct 13, 8:07 pm, Chris Angelico <ros...@gmail.com> wrote: >> Python, as I found out to my detriment, is practically impossible to >> sandbox effectively. > > The latest version of PyPy introduces a prototype sandbox: > > http://pypy.org/features.html#sandboxing > > It'll be interesting to see how effective this is.
Please note that their sandbox, while a good idea, is not a guaranteed jail. It's enforced by replacing calls to external libraries with trampoline stubs, but does not appear to have any intrinsic mechanism to prevent calls from being issued without it. That means that if you were able to successfully inject code you would be no more protected here than with any other process. Geremy Condra > -- > http://mail.python.org/mailman/listinfo/python-list > -- http://mail.python.org/mailman/listinfo/python-list
