Opportunity missed by Python ?

geremy condra debatem1 at gmail.com
Sat Oct 15 13:12:22 EDT 2011


On Fri, Oct 14, 2011 at 5:49 PM, alex23 <wuwei23 at gmail.com> wrote:
> On Oct 13, 8:07 pm, Chris Angelico <ros... at gmail.com> wrote:
>> Python, as I found out to my detriment, is practically impossible to
>> sandbox effectively.
>
> The latest version of PyPy introduces a prototype sandbox:
>
> http://pypy.org/features.html#sandboxing
>
> It'll be interesting to see how effective this is.

Please note that their sandbox, while a good idea, is not a guaranteed
jail. It's enforced by replacing calls to external libraries with
trampoline stubs, but does not appear to have any intrinsic mechanism
to prevent calls from being issued without it. That means that if you
were able to successfully inject code you would be no more protected
here than with any other process.

Geremy Condra
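
A simplified model of the stub-based mediation described in the message above, added here as an example: it is not PyPy's code or wire format and not part of the original post. The JSON message shape, the names `stub` and `Controller`, and the `/sandbox` root are assumptions made for illustration.

```python
import json
import posixpath

# Constructed sample data: the only files the controller is willing to expose.
FILES = {"/sandbox/input.txt": "42\n"}

def stub(name, *args):
    """Untrusted side: a stub serialises the call instead of performing it."""
    return json.dumps({"call": name, "args": list(args)})

class Controller:
    """Trusted side: decides what each forwarded call is allowed to do."""

    def __init__(self, files, root="/sandbox"):
        self.files, self.root = files, root
        self.fds = {}      # virtual descriptor -> resolved path
        self.audit = []    # (call name, allowed?) for every request seen

    def _resolve(self, path):
        # Absolute paths and ".." are normalised first, then checked against the root.
        full = posixpath.normpath(posixpath.join(self.root, path))
        if not full.startswith(self.root + "/"):
            raise PermissionError("path escapes virtual root")
        return full

    def _open(self, path, mode="r"):
        if mode != "r":
            raise PermissionError("read-only policy")
        full = self._resolve(path)
        if full not in self.files:
            raise FileNotFoundError(path)
        fd = 3 + len(self.fds)
        self.fds[fd] = full
        return fd

    def _read(self, fd):
        return self.files[self.fds[fd]]

    def handle(self, message):
        handlers = {"open": self._open, "read": self._read}  # default deny
        name = None
        try:
            req = json.loads(message)
            name = req["call"]
            result = handlers[name](*req["args"])
        except (KeyError, TypeError, ValueError, OSError) as exc:
            self.audit.append((name, False))
            return {"ok": False, "error": type(exc).__name__}
        self.audit.append((name, True))
        return {"ok": True, "result": result}
```

The controller's checks apply only to requests that reach `handle`, so a design like this is normally paired with OS-level confinement of the untrusted process.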
