Creating a reliable sandboxed Python environment
Steven D'Aprano
steve+comp.lang.python at pearwood.info
Tue May 26 03:10:30 EDT 2015
On Tuesday 26 May 2015 12:24, davidfstr at gmail.com wrote:
> I am writing a web service that accepts Python programs as input, runs the
> provided program with some profiling hooks, and returns various
> information about the program's runtime behavior. To do this in a safe
> manner, I need to be able to create a sandbox that restricts what the
> submitted Python program can do on the web server.
>
> Almost all discussion about Python sandboxes I have seen on the internet
> involves selectively blacklisting functionality that gives access to
> system resources, such as trying to hide the "open" builtin to restrict
> access to file I/O. All such approaches are doomed to fail because you can
> always find a way around a blacklist.

It's not so much that you can find your way around a blacklist, but that a
blacklist only bans things which you have thought of. Perhaps the attacker
has thought of something else.

Ideally, a sandbox will whitelist functions which you know are safe, with a
"default deny" policy. That requires building your own parser which only
allows code that passes your whitelist. Even then, the problem is that
perhaps there is an attack vector you didn't think of: something you thought
was safe, actually is not.

Have you read Tav's admirable but failed attempt to sandbox file IO?

http://tav.espians.com/a-challenge-to-break-python-security.html
http://tav.espians.com/paving-the-way-to-securing-the-python-interpreter.html
http://tav.espians.com/update-on-securing-the-python-interpreter.html

Also google for "Capabilities Python" or CapPython.

My sense is that the only way to safely sandbox Python is to create your own
Python implementation designed with security in mind. You can't get there
starting from CPython. Maybe Jython?

> For my particular sandbox, I wish to allow *only* the following kinds of
> actions (in a whitelist):
> * reading from stdin & writing to stdout;
> * reading from files, within a set of whitelisted directories;
> * pure Python computation.

Pure Python computation can be used to DOS your machine, e.g.
(100**100)**100 will, I think, do it. (I'm not about to try it.)

--
Steve
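
The "default deny" whitelist described in the message above, with a size budget added for pure computation such as `(100**100)**100`, as an added example that is not part of the original post. It covers integer arithmetic only; `safe_eval`, `verdict`, `Rejected` and the 4096-bit `MAX_BITS` budget are illustrative assumptions.

```python
# Added example: allowlist = integer literals, unary minus, the operators below.
import ast
import operator

MAX_BITS = 4096  # constructed size budget for every intermediate integer

class Rejected(Exception):
    """Input uses a construct outside the allowlist or exceeds the budget."""

_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.FloorDiv: operator.floordiv, ast.Mod: operator.mod, ast.Pow: operator.pow}

def _bounded(value):
    if value.bit_length() > MAX_BITS:
        raise Rejected("result exceeds size budget")
    return value

def _eval(node):
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return _bounded(node.value)
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        return -_eval(node.operand)
    if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
        left, right = _eval(node.left), _eval(node.right)
        if isinstance(node.op, ast.Pow):
            # Estimate before computing: bits(left**right) <= bits(left) * right.
            if right < 0 or left.bit_length() * right > MAX_BITS:
                raise Rejected("power rejected: negative exponent or oversized result")
        elif isinstance(node.op, (ast.FloorDiv, ast.Mod)) and right == 0:
            raise Rejected("division by zero")
        return _bounded(_BINOPS[type(node.op)](left, right))
    # Default deny: names, calls, attributes, strings and everything else.
    raise Rejected("construct not allowed: " + type(node).__name__)

def safe_eval(source, max_len=200):
    if len(source) > max_len:
        raise Rejected("input too long")
    try:
        tree = ast.parse(source, mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise Rejected("not a parseable expression") from exc
    return _eval(tree.body)

def verdict(source):
    try:
        safe_eval(source)
        return "ok"
    except Rejected as exc:
        return str(exc)
```

The exponent check runs on operand sizes before the power is computed, so the cost of refusing an oversized expression does not depend on how large its result would have been.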