killing thread ?
Peter Hansen
peter at engcorp.com
Fri Jan 24 16:34:38 EST 2003
Jp Calderone wrote:
>
> On Fri, Jan 24, 2003 at 07:52:08AM -0800, Paul Rubin wrote:
> > Wha? Python provides the rexec and bastion modules specifically to
> > have a way to run hostile code in a sandbox. So what kind of advice
> > is "don't use Python"? If sandboxed code can be prevented from
> > accessing sensitive data or doing i/o, but can't be prevented from
> > looping unkillably, that's a bug in Python.
>
> Yes, that's why Python provides them. But this misconception (that they
> work) is also why it will soon -not- provide them :P And neither RExec nor
> Bastion ever protected you against "while 1: pass" or "100L ** 100L ** 100L
> ** 100L ** 100L". It is currently not possible to write a secure sandbox in
> Python. I'm not sure if you can call that a bug; it's certainly
> unfortunate.

I always hate to describe something I know next to nothing about, but
I vaguely recall reading about something Zope does, I think, with munging
the generated *bytecode* to ensure that infinite loops and certain other
resource-stealing attacks (like range(1000000)) cannot work effectively.
That's not really using pure *Python*, although perhaps it can be effective
and maybe even reliable as a solution to this tricky problem.

-Peter
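
Added example, not part of any poster's message: the thread's point is that nothing inside the interpreter stops `while 1: pass`, so this sketch bounds CPU, memory and wall-clock time from outside by running the code in a child process under OS resource limits. It assumes Python 3 on Linux; `run_limited`, `_cap` and the limit values are hypothetical names and numbers chosen for illustration, and it contains resource exhaustion only, not file or network access.

```python
import resource
import signal
import subprocess
import sys

def _cap(which, soft, hard):
    """Lower one rlimit, never asking for more than the current hard limit."""
    _, cur_hard = resource.getrlimit(which)
    if cur_hard != resource.RLIM_INFINITY:
        hard = min(hard, cur_hard)
        soft = min(soft, hard)
    resource.setrlimit(which, (soft, hard))

def run_limited(code, cpu_seconds=1, mem_bytes=1024 ** 3, wall_seconds=10):
    """Run `code` in a separate interpreter.

    Returns 'ok', 'cpu-limit', 'timeout' or 'failed' (any other non-zero exit,
    e.g. MemoryError under RLIMIT_AS or SIGKILL at the hard CPU limit).
    """
    def apply_limits():
        # Runs in the child after fork, before exec. The hard CPU limit sits one
        # second above the soft one, so a child that traps SIGXCPU is still killed.
        _cap(resource.RLIMIT_CPU, cpu_seconds, cpu_seconds + 1)
        _cap(resource.RLIMIT_AS, mem_bytes, mem_bytes)

    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", code],
            stdin=subprocess.DEVNULL,
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            preexec_fn=apply_limits,
            timeout=wall_seconds,  # catches code that sleeps instead of spinning
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    if proc.returncode == 0:
        return "ok"
    if proc.returncode == -signal.SIGXCPU:
        return "cpu-limit"
    return "failed"

if __name__ == "__main__":
    # Constructed sample inputs, modelled on the cases named in the thread.
    for sample in ("print(sum(range(1000)))", "while 1: pass",
                   "import time; time.sleep(30)"):
        print(repr(sample), "->", run_limited(sample, wall_seconds=3))
```

The CPU limit stops a spinning loop and the wall-clock timeout stops code that blocks without using CPU; both are enforced by the kernel or the parent, so the limited code cannot opt out of them.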