On Sat, 30 May 2015 09:24 pm, Laura Creighton wrote:

> In a message of Sat, 30 May 2015 19:00:14 +1000, "Steven D'Aprano" writes:
>>I wouldn't have imagined that the claim "it's easier to secure a small
>>language with a few features than a big language with lots of features"
>>would have been so controversial. I wonder if this claim will be equally
>>as controversial?
>>
>>There is a rough correlation between the number of lines of code in a code
>>base, and the number of potential security holes that need to be guarded
>>against.
>
> Maybe these aren't controversial if you are doing language level
> sandboxing, but you don't have to sandbox like that. Consider, for a
> moment, the sandboxing technique used by PyPy
> discussed at
>
> http://pypy.readthedocs.org/en/latest/sandbox.html
>
> You think it is way cool, but, alas, you want to sandbox some other
> language than Python.

How many PyPy sandboxes are being used with hostile users motivated to break out of the sandbox?

"I wrote a sandbox which I can't break out of" is different from "I wrote a sandbox which nobody can break out of".

Javascript is sandboxed, but due to bugs in implementations, Javascript-based exploits are now heavily used by malware. There are possibly even more Javascript-based exploits than buffer overflow based exploits these days, as C programmers get better at using automated tools that check for buffer overflows.

--
Steven