On Fri, Nov 19, 2021 at 11:24 AM Dan Stromberg <drsali...@gmail.com> wrote: > > > On Thu, Nov 18, 2021 at 12:21 PM Chris Angelico <ros...@gmail.com> wrote: >> >> If you're trying to make a Python-in-Python sandbox, I recommend not. >> Instead, use an OS-level sandbox (a chroot, probably some sort of CPU >> usage limiting, etc), and use that to guard the entire Python process. >> Python-in-Python will basically *never* be secure. > > > Good advice to not try to sandbox python. > > But chroot can sometimes be broken out of. It isn't a cure-all. >
That's true, but it's way better than attempting Python-in-Python sandboxing. In any case, all the options worth investigating will be at the OS level. (Or maybe higher, but I can't imagine it being practical to create individual VMs for each client who comes to the web site.) ChrisA -- https://mail.python.org/mailman/listinfo/python-list
