Secure Python

Paul Boddie paul at boddie.org.uk
Thu Nov 16 08:39:57 EST 2006


Stephan Kuhagen wrote:
>
> Sounds very likely, but does not solve the problem. With resource management
> on the OS level you can indeed set some important limits for untrusted
> scripts, but there are at least two drawbacks, which come to my mind (and
> maybe more, that I'm not aware of): 1. OS level can always only implement
> the lowest common denominator of all OS resource managements to be platform
> independent, which is a strong requirement, IMO.

I think I understand what you intend to say here: that some kind of
Python sandbox relying on operating system facilities can only depend
on facilities implemented in all of the most interesting operating
systems (which I once referred to as "the big three", accompanied by
howls of protest/derision). Yet just as people like to say that
choosing a language is all about "choosing the right tool for the job",
shouldn't the choice of operating system be significant as well? If
you're running a "Try Python" Web site, as some people were doing a few
months ago, isn't it important to choose the right operating system as
part of the right complete environment, instead of having the
theoretical possibility of running it on something like RISC OS, yet
having someone take your site down within seconds anyway? I don't know
whether it's the same people who like to promote "how well Python plays
with everything else" who also demand totally cross-platform solutions
("if it doesn't work on Windows, we won't do it"), but if so, I'd be
interested in how they manage to reconcile these views.

[...]

> A good sandbox seems to be a real adventure with few survivors, as can be seen in the
> JavaScript-world.

Certainly, there are interesting directions to be taken with safe
execution at the language and runtime levels, but as technologies like
Java (in particular) have shown, it's possible for a project or a
company to find itself focusing heavily on such strategies at the cost
of readily available, mature technologies which might be good enough.
The emergence of virtualisation as a commodity technology would suggest
that sandboxing language runtimes isn't as fashionable as it was ten
years ago.

Paul
