[Python-Dev] new security doc using object-capabilities

Nick Maclaren nmm1 at cus.cam.ac.uk
Thu Jul 20 13:10:13 CEST 2006


"Giovanni Bajo" <rasky at develer.com> wrote:
> 
> This recipe for safe_eval:
> http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/496746
> which is otherwise very cute, does not handle this case as well: it tries to
> catch and interrupt long-running operations through a secondary thread, but
> fails on a single long operation because the GIL is not released and the
> alarm thread does not get its chance to run.

Grin :-)

You have put your finger on the Great Myth of such virtualisations,
which applies to the system-level ones and even to the hardware-level
ones.  In practice, there is always some request that a sandbox can
make to the hypervisor that can lock out or otherwise affect other
sandboxes.

The key is, of course, to admit that and to specify what is and is
not properly virtualised, so that the consequences can at least be
analysed.


Regards,
Nick Maclaren,
University of Cambridge Computing Service,
New Museums Site, Pembroke Street, Cambridge CB2 3QH, England.
Email:  nmm1 at cam.ac.uk
Tel.:  +44 1223 334761    Fax:  +44 1223 334679
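The failure Giovanni describes can be reproduced without the recipe itself. The following is an added example, not code from the safe_eval recipe or from anyone in this thread. It runs the recipe's design (a secondary watchdog thread) against two kinds of work: a pure-Python loop, where the interpreter switches threads between bytecodes and the watchdog gets its turn, and one long C-level call that never releases the GIL, where the watchdog cannot even execute until the call returns. It then shows the alternative the thread points at: enforce the limit from outside the interpreter, in a separate process the kernel can kill regardless of the GIL. Assumptions of mine: CPython on Linux or macOS, where ctypes.PyDLL(None) exposes libc's usleep(); PyDLL calls deliberately do not release the GIL, so usleep() here stands in for any long C operation (big-int arithmetic, a regex backtrack, a C extension). The child process is only a way to get a kill-able boundary; it is not a sandbox and does not make eval of untrusted input safe.

```python
"""Why an in-interpreter watchdog thread cannot pre-empt a GIL-holding
operation, and why a process boundary can.  Added example; assumes CPython on
Linux/macOS so that ctypes.PyDLL(None) resolves libc's usleep()."""
import ctypes
import subprocess
import sys
import threading
import time

# PyDLL, unlike CDLL, keeps the GIL for the whole foreign call.  usleep() is
# therefore a deterministic stand-in for "one long operation in C".
_libc = ctypes.PyDLL(None)


def hold_gil_for(seconds: float) -> None:
    """One 'atomic' operation: blocks inside C without releasing the GIL."""
    _libc.usleep(int(seconds * 1_000_000))


def cooperative_loop(stop: threading.Event) -> None:
    """Pure-Python loop: the eval loop checks for thread switches between
    bytecodes, so a watchdog thread does get scheduled."""
    while not stop.is_set():
        pass


def run_with_watchdog(work, timeout: float):
    """The recipe's design: a secondary thread that is supposed to act after
    `timeout` seconds.

    Returns (elapsed, watchdog_lateness).  `elapsed` is how long `work`
    actually ran.  `watchdog_lateness` is how long after `timeout` the watchdog
    thread really got to execute: it wakes from sleep on time, but the very
    next statement needs the GIL, and it only gets that once `work` lets go."""
    stop = threading.Event()
    fired = {}

    def watchdog():
        time.sleep(timeout)             # sleeping releases the GIL ...
        fired["at"] = time.monotonic()  # ... but this line needs it back
        stop.set()

    started = time.monotonic()
    t = threading.Thread(target=watchdog, daemon=True)
    t.start()
    work(stop)
    elapsed = time.monotonic() - started
    t.join()
    watchdog_lateness = fired["at"] - started - timeout
    return elapsed, watchdog_lateness


# Constructed child program: the same GIL-holding operation, 5 s long.
CHILD_CODE = "import ctypes; ctypes.PyDLL(None).usleep(5_000_000)"


def run_in_child_with_timeout(code: str, timeout: float):
    """Enforce the limit from outside the interpreter.  subprocess.run() kills
    the child on timeout; the kernel does not care who holds the child's GIL.

    Returns ("completed" | "killed", elapsed_seconds)."""
    started = time.monotonic()
    try:
        subprocess.run([sys.executable, "-c", code], timeout=timeout,
                       capture_output=True, check=False)
        return "completed", time.monotonic() - started
    except subprocess.TimeoutExpired:
        return "killed", time.monotonic() - started


if __name__ == "__main__":
    e, late = run_with_watchdog(cooperative_loop, 0.05)
    print("pure-Python loop: stopped after %.3fs, watchdog late by %.3fs" % (e, late))
    e, late = run_with_watchdog(lambda stop: hold_gil_for(0.4), 0.05)
    print("GIL-holding call: ran for %.3fs, watchdog late by %.3fs" % (e, late))
    status, e = run_in_child_with_timeout(CHILD_CODE, 0.3)
    print("child process: %s after %.3fs" % (status, e))
```

In the second case the watchdog's own clock reads roughly the full duration of the operation rather than the requested timeout, which is the whole problem: no matter what the thread intends to do (set a flag, call interrupt_main, raise in the main thread), it does not run until the operation it was meant to cut short has already finished. The process-based version returns "killed" at about the timeout, because the kill comes from the kernel, not from inside the interpreter being limited.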
