On Mon, Apr 11, 2016 at 12:13:07AM +0100, Jon Ribbens wrote:
> > I guess it goes without saying, but just in case, the core team gave up
> > on any possibility of in-process sandboxing a very long time ago, and
> > all popular implementations are designed with pretty much zero regard
> > for this use case.

Just checking, but did you see the work of 'tav'? He's a Brit, he might even be on this list. It took the same 'syntactic cleansing' approach that I suppose you are attempting with the ast module, and was discussed at great length on the python-dev list circa 2009-2010ish (IIRC).

The problem isn't hiding dangerous names, it is the composition of things you aren't expecting (which is why I mentioned App Engine). A simple example which you probably already know of is the ctypes module: it allows total violation of memory safety. But ctypes is not the only place you find such things; they pop up all over the place. CPython puts a lot of effort into, but nonetheless often fails at, things like negative integers where positive integers are expected (IIRC there are CVEs from 2014 for a core API helper that had a problem with negative integers). Given an API that hands the user some object that underneath is wrapping a buffer (say, lxml), and given a single method of maybe 10 that in some corner case can be convinced to walk off the end of that buffer, and you have a problem.

Python is app-level software; it's not designed with Mallory in mind. It's written by some smart folk, but their interests most of the time lie in coping with cluelessly evil developers rather than cluefully evil hackers.

> That link has already got some fairly neat code in it, although as
> they mention it leaks the parent process's memory to the child, which
> makes it useless in my opinion. It really needs to be using exec(),
> but that's obviously hard to do in a generic library.

The intermediary script is about 5 lines long :)

I wrote the article.

All the best,
David

_______________________________________________
python-uk mailing list
python-uk@python.org
https://mail.python.org/mailman/listinfo/python-uk
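The two points made in this thread, that hiding dangerous names in-process fails because of how the remaining pieces compose, and that a separate interpreter started with exec() is the only boundary worth having, can be shown in a few dozen lines. The following is an added example and is not code from the thread, from tav's work or from the article under discussion; the ast filter, its blocklist, the class `Sandbox`, the constant `PARENT_SECRET`, the payload and the one-line child stub are all constructed here for the demonstration.

```python
# Added example: not code from this thread or from the article it refers to.
# Host side of two "sandboxes" for untrusted Python source:
#   1. in-process: an ast filter plus a stripped-down __builtins__, i.e. the
#      "syntactic cleansing" approach; a payload that passes it reaches both
#      os.system and a secret held by the host;
#   2. out-of-process: a fresh interpreter started with exec() via
#      subprocess and fed the code on stdin through a one-line intermediary,
#      so the same payload finds nothing of the host's.
# PARENT_SECRET, the filter's blocklist and the payload are constructed here.
import ast
import os
import subprocess
import sys

PARENT_SECRET = "constructed-host-secret-4242"   # exists only in the host process

BLOCKED_NAMES = {"os", "sys", "subprocess", "ctypes", "open", "eval", "exec",
                 "compile", "globals", "locals", "vars", "breakpoint"}


def passes_filter(source: str) -> bool:
    """No imports, no blocked names, no dunder names, no dunder attribute
    access. Each rule is sound on its own; what they leave behind composes."""
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            return False
        if isinstance(node, ast.Name) and (
                node.id in BLOCKED_NAMES or node.id.startswith("__")):
            return False
        if isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            return False
    return True


class Sandbox:
    """Any Python-level class in the host will do: its __init__ function
    carries __globals__, a reference to this module's namespace."""
    def __init__(self):
        self.runs = 0


def run_in_process(source: str) -> dict:
    """Filter, then exec with only type() and getattr() as builtins.
    Returns the namespace the untrusted code ran in."""
    if not passes_filter(source):
        raise ValueError("rejected by filter")
    namespace = {"__builtins__": {"type": type, "getattr": getattr}}
    exec(compile(source, "<untrusted>", "exec"), namespace)
    return namespace


def escape_payload(key, module=None):
    """Untrusted source that passes the filter: it never names os and never
    spells a dunder attribute, yet walks tuple -> object -> every direct
    subclass, reads each Python-level __init__'s __globals__, and binds
    `result` to `key` from the first module dict that has it (optionally
    only from the module named `module`)."""
    want = "True" if module is None else f'g.get("__na" + "me__") == {module!r}'
    return f'''
result = None
base = type(()).mro()[-1]                         # object
for cls in getattr(base, "__subcl" + "asses__")():
    try:
        g = getattr(getattr(cls, "__in" + "it__"), "__glo" + "bals__", None)
    except:
        continue                                  # odd metaclasses: skip them
    if g and {want} and {key!r} in g:
        result = g[{key!r}]
        break
'''


def reaches_os_system() -> bool:
    """True if the in-process sandbox lets the payload hand back os.system."""
    return run_in_process(escape_payload("system", "os"))["result"] is os.system


# The intermediary the child runs. The child is a new interpreter, started
# with exec() by subprocess, so it shares no memory with the host; -I also
# ignores PYTHON* environment variables and the user site directory.
CHILD_STUB = ("import sys; ns = {}; "
              "exec(compile(sys.stdin.read(), '<untrusted>', 'exec'), ns); "
              "print(ns.get('result'))")


def run_out_of_process(source: str, timeout: float = 10.0) -> str:
    """Run the source in a fresh interpreter; returns the child's printed
    `result` ('' if it produced none)."""
    proc = subprocess.run([sys.executable, "-I", "-c", CHILD_STUB],
                          input=source, capture_output=True, text=True,
                          timeout=timeout, check=False)
    return proc.stdout.strip()


if __name__ == "__main__":
    payload = escape_payload("PARENT_SECRET")
    print("filter accepts payload:  ", passes_filter(payload))
    print("in-process, host secret: ", run_in_process(payload)["result"])
    print("in-process, os.system:   ", reaches_os_system())
    print("out-of-process, secret:  ", run_out_of_process(payload))
```

Run as a script, the in-process sandbox hands the payload the host's secret and `os.system`, even though the payload contains no blocked name and no dunder attribute; the same payload in the exec()'d child prints `None`, because the child was never given the host's memory. Adding more rules to `passes_filter` (blocking `type`, `getattr`, string concatenation, or string constants that look like dunders) only moves the problem to the next composition of what is left, which is the thread's point. The child is a boundary for the host's memory only: it still has full access to its own process, so real confinement of the child additionally needs OS-level controls (an unprivileged user, resource limits, a seccomp or container profile), which this example does not set up.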