[Python-Dev] Sandboxing Python
Victor Stinner
victor.stinner at gmail.com
Mon Mar 5 22:16:24 CET 2012
2012/3/5 Serhiy Storchaka <storchaka at gmail.com>:
> 05.03.12 11:09, Victor Stinner написав(ла):
>
>> pysandbox uses SIGALRM with a timeout of 5 seconds by default. You can
>> change this timeout or disable it completly.
>>
>> pysandbox doesn't provide a function to limit the memory yet, you have
>> to do it manually. It's not automatic because there is no portable way
>> to implement such limit and it's difficult to configure it. For my IRC
>> bot using pysandbox, setrlimit() is used with RLIMIT_AS.
>
>
> But it does not work for extensive C-calculations. `sum(xrange(1000000000))`
> runs 2.5 minutes on my computer instead of 5 seconds, and `map(sum,
> [xrange(1000000000)] * 1000000)` -- almost infinity time. pysandbox doesn't
> provide a reliable time limit too, it is also necessary to mention.
Ah yes, I realized that SIGALRM is handled by the C signal handler,
but Python only handles the signal later. sum() doesn't call
PyErr_CheckSignals() to check for pending signals.
Apply the timeout would require to modify the sum() function. A more
generic solution would be to use a subprocess.
Victor
More information about the Python-Dev
mailing list