Sandboxes

42 nospam at nospam.com
Mon Aug 22 17:57:06 EDT 2005


In article <z9adnZyPsq8R3ZfeRVn-3A at powergate.ca>, peter at engcorp.com 
says...
> 42 wrote:
> > I was planning on "sanitizing" the language instead of relying on rexec 
> > and bastion so issues with them shouldn't be relevant.
> 
> I think in dealing with security, deciding what might be relevant before 
> you fully understand the problem is somewhat premature...

True enough, but I don't think in this case it applies.

It's OK to rule as irrelevant the various security problems with various 
locking solutions for your front door when the proposed solution is to 
simply brick the door over, removing it entirely.

> > I'm curious about the 'other' stuff that was alluded to, that could 
> > still occur in a python with all its __import__, import, exec, eval, and 
> > various reflection/metadata builtins prohibited (e.g. getattr)...
> 
> Okay, but are you saying that combining those keywords with "security" 
> when searching comp.lang.python in Google Groups produced no useful 
> results? 

I couldn't say that. I will say that none of the links I clicked on 
revealed an attack that could bootstrap without the functions I proposed 
'removing'.

> When I do it, I generally get to threads where somebody rushes 
> in with suggestions about how to add security where the core Python 
> people fear to tread (so to speak), and after a short period of back and 
> forth where each idea is quickly shot down, the thread sort of dies out 
> as (I suspect) the OP realizes the problems are fundamental and probably 
> can't be fixed without changes to the Python core itself, or at least 
> can't be fixed *with confidence* without a thorough security audit which 
> so far nobody has valued enough to actually do.

Difference being that all the threads I read are trying to 'put full 
python in sandbox' whereas I'd proposed literally hacking out chunks of 
the language.

FWIW I've already given up on making python secure. I agree that odds 
are extremely high that I've missed something. I'm just curious to see 
what one of the holes I left is, preferably without wading through 
hundreds of pages :)
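
An added example, not part of the original message or of any project it mentions: a minimal static check for the constructs the post proposes prohibiting (import, __import__, exec, eval, getattr), written with Python 3's ast module. The function names and the sample script are constructed for illustration; the check covers only the names listed in the message, so a clean result means those names are absent, not that the script is safe.

```python
import ast

# Names the message proposes prohibiting (taken from the post's own list).
BANNED_NAMES = {"__import__", "exec", "eval", "getattr"}


def find_banned(source):
    """Return sorted (line, description) pairs for each prohibited construct."""
    try:
        tree = ast.parse(source)
    except SyntaxError as err:
        # Unparsable input cannot be vetted, so report it as a finding.
        return [(err.lineno or 0, "syntax error")]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, (ast.Import, ast.ImportFrom)):
            findings.append((node.lineno, "import statement"))
        elif isinstance(node, ast.Name) and node.id in BANNED_NAMES:
            findings.append((node.lineno, "name " + node.id))
        elif isinstance(node, ast.Attribute) and node.attr in BANNED_NAMES:
            # Catches spellings such as some_module.eval(...)
            findings.append((node.lineno, "attribute " + node.attr))
    return sorted(findings)


def is_allowed(source):
    """True only when none of the listed constructs appear in the source."""
    return not find_banned(source)


# Constructed sample script, used only to exercise the checker.
SAMPLE = '''\
import os
x = eval("1+1")
y = len("abc")
f = __import__
z = getattr(y, "real")
'''

if __name__ == "__main__":
    for line, what in find_banned(SAMPLE):
        print("line %d: %s" % (line, what))
```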



