[Python-Dev] Reviving restricted mode?
Steven D'Aprano
steve at pearwood.info
Wed Aug 13 18:58:39 CEST 2014
On Thu, Aug 14, 2014 at 02:26:29AM +1000, Chris Angelico wrote:
> On Wed, Aug 13, 2014 at 11:11 PM, Isaac Morland <ijmorlan at uwaterloo.ca> wrote:
> > While I would not claim a Python sandbox is utterly impossible, I'm
> > suspicious that the whole "consenting adults" approach in Python is
> > incompatible with a sandbox. The whole idea of a sandbox is to absolutely
> > prevent people from doing things even if they really want to and know what
> > they are doing.
The point of a sandbox is that I, the consenting adult writing the
application in the first place, may want to allow *untrusted others* to
call Python code without giving them control of the entire application.
The consenting adults rule applies to me, the application writer, not
them, the end-users, even if they happen to be writing Python code. If
they want unrestricted access to the Python interpreter, they can run
their code on their own machine, not mine.
> It's certainly not *fundamentally* impossible to sandbox Python.
> However, the question becomes one of how much effort you're going to
> go to and how much you're going to restrict the code.
I believe that PyPy has an effective sandbox, but to what degree of
effectiveness I don't know.
http://pypy.readthedocs.org/en/latest/sandbox.html
I've had rogue JavaScript crash my browser or make my entire computer
effectively unusable often enough that I am skeptical about claims that
JavaScript in the browser is effectively sandboxed, so I'm doubly
cautious about Python.
--
Steven