Sandboxes

[42]

In article <38SdnUU_VbGFkZTeRVn-qA at powergate.ca>, peter at engcorp.com 
says...
> 42 wrote:
> > Thoughts? Still gaping holes?
> 
> Certainly.  And rather than rehash them all here, I'm going to suggest 
> you check the comp.lang.python archives for any of the many past 
> discussions about this before you spend too much time thinking 
> (repeatedly) that you've nailed that one last hole only to have somebody 
> point out yet another way around it.
> 
> -Peter
> 

Fair enough. I'm more or less ready to 'give up' on this fantasy of 
python in a sandbox. I'll either use something else, or just accept the 
risk. :)

But for what its worth, I *am* curious what sorts of holes persist. I 
did try googling the archives, but with no idea what I'm looking for -- 
python security brings up a mess of unrelated issues... Python in 
Apache, rexec/bastion stuff, xss, issues with infinite loops and many 
other 'security' issues that might be relevant to someone running python 
on a web server where you have to be concerned about DOS but not of any 
concern to me... and so on and so forth.

Can you, or someone, at least give me a few keywords I should be looking 
for that will bring matches for the sorts of attachs you've hinted at? 

Mostly just to satisfy my curiousity.

-regards,
Dave