[Python-Dev] The pysandbox project is broken

Brett Cannon brett at python.org
Wed Nov 13 19:27:06 CET 2013


On Wed, Nov 13, 2013 at 1:05 PM, Eli Bendersky <eliben at gmail.com> wrote:

>
>
>
> On Wed, Nov 13, 2013 at 6:58 AM, Brett Cannon <brett at python.org> wrote:
>
>>
>>
>>
>> On Wed, Nov 13, 2013 at 6:30 AM, Facundo Batista <
>> facundobatista at gmail.com> wrote:
>>
>>> On Wed, Nov 13, 2013 at 4:37 AM, Maciej Fijalkowski <fijall at gmail.com>
>>> wrote:
>>>
>>> >> Do you think it would be productive to create an independent Python
>>> >> compiler, designed with sandboxing in mind from the beginning?
>>> >
>>> > PyPy sandbox does work FYI
>>> >
>>> > It might not do exactly what you want, but it both provides a full
>>> > python and security.
>>>
>>> If we have sandboxing using PyPy... what else do we need to put Python
>>> running in the browser? (like JavaScript, you know)
>>>
>>> Thanks!
>>>
>>
>> You can try to get PNaCl to work with Python to get a Python executable
>> that at least Chrome can run.
>>
>
> Two corrections:
>
> 1. CPython already works with NaCl and PNaCl (there are working patches in
> naclports to build it)
>

Anything that should be upstreamed?


> 2. It can be used outside Chrome as well, using the standalone "sel_ldr"
> tool that will then allow running a sandboxed CPython .nexe from the command
> line
>

Sure, but I was just thinking about the "in browser" question Facundo asked
about.


>
> Note that this is a fundamentally different sandboxing model (the whole
> interpreter is run in a sandbox), but it's also more secure. PNaCl
> shipped publicly yesterday, so Chrome runs native code *from the web* on
> your machine - a lot of security research and work went into making this
> possible.
>
> As for performance, the sandboxing overhead of NaCl is very low (< 10% in
> most cases).
>

I feel like we need to have a page at python.org (or somewhere) that
provides every which way to run Python from the browser for people to try
the interpreter out as easily as possible.