[Python-Dev] Reviving restricted mode?
tav
tav at espians.com
Sun Feb 22 22:22:27 CET 2009
Hey guys,

benjamin> Even if this patch manages to plug all the holes in the
benjamin> current Python, do we really want to commit
benjamin> ourselves to maintaining it through language evolution
benjamin> which will surely introduce new subtle ways to
benjamin> circumvent the guard?

If it would be helpful, I am happy to maintain this as Python evolves.

I've already been maintaining the PJE-inspired ctypes-based approach
and monkeypatches for various Python versions for a while now. See
secure.py, secure25.py, secure26.py and secure30.py in:

http://github.com/tav/plexnet/tree/9dabc570a2499689e773d1af3599a29102071f80/source/plexnet/util

Also, my plans for world domination depend on a secure Python, so I
have the necessary incentives ;p

samuele> I don't have much time these days, for sure not
samuele> until pycon us, to look at the proposed code.

Thanks in advance if/when you get the time for this, Samuele!

samuele> E provides and incorporates a lot of thinking
samuele> around [snip]

The functions based approach I am taking is very much taken from E and
inspired by an insight that Ka-Ping Yee had on Python-Dev years ago.

See http://www.erights.org/elib/capability/ode/index.html for a direct
parallel to the approach I've taken...

guido> For Tav's benefit, I think it would be good to at
guido> least add "IsRestricted" checks to
guido> __subclasses__(), gi_code and gi_frame --
guido> that's a trivial patch and if he believes it's
guido> enough he can create a sandbox on app engine
guido> and invite people to try to break out of it... If
guido> someone succeeds....

If someone succeeds...

...My missus might end up leaving me on account of so much crying ;p

Seriously though, it's a relatively risk-free approach. The only
person who stands to lose out is me if I'm wrong =)

In the worst case scenario, this approach would help identify other
"leak" attributes/methods -- which I'm hoping won't be found.

And, in an ideal scenario, we'd have the basis for secure Python
interpreter/programming... which, together with PyPy's sandboxed
interpreter, would seriously rock!
--
enthusiastically, tav
plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
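
The three attributes named in the quoted suggestion (`__subclasses__()`, `gi_code`, `gi_frame`) are readable on ordinary objects in an unrestricted interpreter. The following is an added example, not part of the original message or of the patch under discussion: a Python 3 audit of a table of objects a host is about to hand to guest code, reporting which entries expose those attributes and what each one reaches. The names `audit`, `audit_grants`, `ticker` and `_SECRET` are hypothetical, and the sample data is constructed.

```python
import types

# Constructed stand-in for host state the guest code was never handed.
_SECRET = "constructed value the guest was never given"

def ticker():
    """Constructed sample: a generator the host hands to guest code."""
    n = 0
    while True:
        n += 1
        yield n

def audit(obj):
    """Return {attribute: what it reaches} for the three named attributes."""
    found = {}
    if isinstance(obj, types.GeneratorType):
        code = getattr(obj, "gi_code", None)
        if code is not None:
            # The code object carries the generator function's local names.
            found["gi_code"] = sorted(code.co_varnames)
        frame = getattr(obj, "gi_frame", None)
        if frame is not None:  # None once the generator is exhausted
            # The frame links back to the defining module's whole namespace.
            found["gi_frame"] = sorted(
                k for k in frame.f_globals if not k.startswith("__"))
    if isinstance(obj, type):
        try:
            subs = obj.__subclasses__()
        except TypeError:  # `type` itself: the method is unbound there
            subs = None
        if subs is not None:
            # A class enumerates subclasses the guest was never given.
            found["__subclasses__"] = len(subs)
    return found

def audit_grants(grants):
    """Audit every object in a {name: object} grant table; drop clean entries."""
    report = {name: audit(obj) for name, obj in grants.items()}
    return {name: hits for name, hits in report.items() if hits}

if __name__ == "__main__":
    grants = {"tick": ticker(), "base": object, "limit": 10}
    for name, hits in audit_grants(grants).items():
        print(name, hits)
```

In the report, the generator entry lists `_SECRET` among the names reachable through `gi_frame`, which is the kind of reference a capability-style design expects a grant not to carry.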