Challenge: escape from the pysandbox
Victor Stinner
victor.stinner at haypocalc.com
Tue Mar 2 21:37:44 EST 2010
Le dimanche 28 février 2010 23:40:59, Daniel Fetchinson a écrit :
> >>I guess they also have some kind of a sandbox if they let people run
> >>python on their machines, I'm not sure if it's open source though.
> >
> > Thing is, I'm sure that Google uses a critical backstop to any
> > Python-based sandbox: something like a chroot jail. The Python sandbox
> > is mostly there to inform you about what you can and can't do; the real
> > security is provided by the OS.
>
> I see, makes perfect sense. This then raises the question whether it's
> important to have a 100% foolproof python sandbox without help from
> the OS, or this goal is not only too ambitious but also not really a
> useful one.
This is just impossible :-) PHP tried that, but it's too hard to write an
exhaustive blacklist because too much code has to be modified. If you require
a 100% foolproof sandbox, you have to use a sandbox between the Python
process and the OS (and not inside the Python process).
> One aspect might be that one might want to have a platform
> independent way of sandboxing, perhaps.
The problem has to be split into two parts: protect access to OS resources
(files, network, etc.) and protect access to Python objects (e.g. create a read-only
view of objects injected into the sandbox).
An "OS sandbox" cannot protect objects inside the Python object space. And
pysandbox cannot protect all access to OS resources (but I try to do that
:-)).
pysandbox is a possible solution to the second problem: control Python object
space.
--
Victor Stinner
http://www.haypocalc.com/
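The second half of the split above, a "read-only view of objects injected into the sandbox", is the part that can live inside the Python process. The following is an added example written for this page, not code from pysandbox or from Victor Stinner: it wraps injected objects in a proxy that forwards reads, refuses writes, and only exposes a constructed allowlist of non-mutating container methods (the `_SAFE_METHODS` table, the trimmed `safe_builtins` dict and the `run_untrusted` helper are all assumptions of this example). It deliberately does nothing about the first half, OS resources; as the post says, that needs a sandbox between the process and the OS.

```python
# Added example, not pysandbox's own code: a read-only view over objects
# injected into a restricted namespace ("control the Python object space").
# It does not restrict OS resources; that half needs a sandbox outside the
# Python process.

# Values that cannot be mutated in place, so they are handed out unwrapped.
_IMMUTABLE = (int, float, complex, bool, str, bytes, type(None), frozenset)

# Constructed allowlist: methods of the builtin containers that do not mutate
# the receiver. Any method not listed here is refused by the view.
_SAFE_METHODS = {
    list: {"index", "count", "copy"},
    tuple: {"index", "count"},
    dict: {"get", "keys", "values", "items", "copy"},
    set: {"issubset", "issuperset", "isdisjoint", "union", "intersection",
          "difference", "copy"},
}


class ReadOnlyError(TypeError):
    """Raised when sandboxed code tries to mutate an object through a view."""


class ReadOnlyView:
    """Proxy that forwards reads, wraps every result, and blocks all writes."""

    __slots__ = ("_target",)

    def __init__(self, target):
        # Bypass our own __setattr__, which always raises.
        object.__setattr__(self, "_target", target)

    def __getattr__(self, name):
        target = self._target
        if name.startswith("_"):
            # Private and dunder names are never forwarded to the target.
            raise AttributeError(name)
        value = getattr(target, name)
        if callable(value):
            # A bound method runs against the *real* object, so only forward
            # the ones known not to mutate it. Methods of arbitrary user
            # classes are refused: the view cannot tell what they do.
            allowed = _SAFE_METHODS.get(type(target), set())
            if name not in allowed:
                raise ReadOnlyError(f"method {name!r} is not exposed by read-only view")
            return lambda *a, **kw: readonly(value(*a, **kw))
        return readonly(value)

    def __setattr__(self, name, value):
        raise ReadOnlyError(f"cannot set {name!r} through a read-only view")

    def __delattr__(self, name):
        raise ReadOnlyError(f"cannot delete {name!r} through a read-only view")

    def __getitem__(self, key):
        return readonly(self._target[key])

    def __setitem__(self, key, value):
        raise ReadOnlyError("item assignment through a read-only view")

    def __delitem__(self, key):
        raise ReadOnlyError("item deletion through a read-only view")

    def __iter__(self):
        return (readonly(item) for item in self._target)

    def __len__(self):
        return len(self._target)

    def __contains__(self, item):
        return item in self._target

    def __repr__(self):
        return f"ReadOnlyView({self._target!r})"


def readonly(obj):
    """Wrap obj in a view unless it is immutable, which is returned as-is."""
    if isinstance(obj, _IMMUTABLE):
        return obj
    return ReadOnlyView(obj)


def build_namespace(injected):
    """Globals handed to sandboxed code: injected objects are wrapped and the
    builtins are cut down to a constructed, read-only-friendly subset."""
    safe_builtins = {"len": len, "range": range, "sorted": sorted, "min": min,
                     "max": max, "sum": sum, "str": str, "isinstance": isinstance}
    ns = {"__builtins__": safe_builtins}
    ns.update({name: readonly(obj) for name, obj in injected.items()})
    return ns


def run_untrusted(source, injected):
    """Run source against the read-only namespace. Returns (result, error):
    result is whatever the code bound to the name 'result', error is the
    message of the ReadOnlyError it hit, or None."""
    ns = build_namespace(injected)
    try:
        exec(source, ns)
    except ReadOnlyError as exc:
        return None, str(exc)
    return ns.get("result"), None


if __name__ == "__main__":
    config = {"hosts": ["db1", "db2"], "retries": 3}      # constructed sample
    print(run_untrusted("result = config['hosts'][0] + str(config['retries'])",
                        {"config": config}))
    print(run_untrusted("config['retries'] = 99", {"config": config}))
    print(run_untrusted("config['hosts'].append('x')", {"config": config}))
    print(config)   # unchanged after the refused writes
```

The allowlist is the point of the example: a proxy that simply forwards every attribute would hand sandboxed code the real `list.append`, so a "read-only" view has to decide per method whether forwarding is safe, and for user-defined classes it cannot know. That is the object-space problem the post separates from OS-level isolation, and the view above does not attempt the latter.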