Chroot Jail Not Secure for Sandboxing Python?
gregpinero at gmail.com
Mon Jun 25 01:21:32 EDT 2007
This wiki page suggests using a chroot jail to sandbox Python, but
wouldn't running something like this in your sandboxed Python instance
still break you out of the chroot jail:
os.execle ('/usr/bin/python','-c','import os; os.execlp("/bin/sh")', {})
or maybe:
del os.environ['LD_PRELOAD']
os.execl ('/usr/bin/python','-c','import os; os.execlp("/bin/sh")')
My ISP suggested these as counter-examples to my request for a chroot
jail. (I couldn't even get Python running in chroot to test this, nor
could I run these commands locally in Python on Ubuntu, though maybe
they opened sh?)
So is a chroot jail not adequate for sandboxing Python?
-Greg