limited python virtual machine
Alex Martelli
aleaxit at yahoo.com
Sun Jan 30 03:22:07 EST 2005
Nick Coghlan <ncoghlan at iinet.net.au> wrote:
...
> > If you _can_ execute (whatever) in a separate process, then an approach
> > based on BSD's "jail" or equivalent features of other OS's may be able
> > to give you all you need, without needing other restrictions to be coded
> > in the interpreter (or whatever else you run in that process).
>
> I think that's where these discussion have historically ended. . . making a
> Python-specific sandbox gets complicated enough that it ends up making more
> sense to just use an OS-based sandbox that lets you execute arbitrary binaries
> relatively safely.
>
> The last suggestion I recall along these lines was chroot() plus a monitoring
> daemon that killed the relevant subprocess if it started consuming too much
> memory or looked like it had got stuck in an infinite loop.
"Yes, but" -- that ``if'' at the start of this quote paragraph of mine
is, I believe, a meaningful qualification. It is not obvious to me that
all applications and platforms can usefully execute untrusted Python
code in a separate jail'd process; so, I think there would still be use
cases for an in-process sandbox, although it's surely true that making
one would not be trivial.
Alex
More information about the Python-list
mailing list