Chroot Jail Not Secure for Sandboxing Python?
gregpinero at gmail.com
gregpinero at gmail.com
Mon Jun 25 01:36:16 EDT 2007
On Jun 25, 1:21 am, "gregpin... at gmail.com" <gregpin... at gmail.com>
wrote:
> This wiki page suggests using a chroot jail to sandbox Python, but
> wouldn't running something like this in your sandboxed Python instance
> still break you out of the chroot jail:
>
> os.execle ('/usr/bin/python','-c','import os; os.execlp("/bin/sh")',
> {})
>
> or maybe:
>
> del os.environ['LD_PRELOAD']
> os.execl ('/usr/bin/python','-c','import os; os.execlp("/bin/sh")')
>
> My ISP suggested these as counter-examples to my request for a chroot
> jail. (I couldn't even get Python running in chroot to test this, nor
> could I run these commands locally in Python on Ubuntu, though maybe
> they opened sh?)
>
> So is a chroot jail not adequate for sandboxing Python?
>
> -Greg
Edit: Google groups stripped out the URL. It's
http://wiki.python.org/moin/How_can_I_run_an_untrusted_Python_script_safely_(i.e._Sandbox)
(or the page titled this on the Python wiki if it strips out the url
above again)
"How can I run an untrusted Python script safely (i.e. Sandbox)"
-Greg
More information about the Python-list
mailing list