Creating a reliable sandboxed Python environment

marco.nawijn at colosso.nl marco.nawijn at colosso.nl
Tue May 26 08:01:38 EDT 2015 

On Tuesday, May 26, 2015 at 4:24:32 AM UTC+2, davi... at gmail.com wrote:
> I am writing a web service that accepts Python programs as input, runs the provided program with some profiling hooks, and returns various information about the program's runtime behavior. To do this in a safe manner, I need to be able to create a sandbox that restricts what the submitted Python program can do on the web server.
> 
> Almost all discussion about Python sandboxes I have seen on the internet involves selectively blacklisting functionality that gives access to system resources, such as trying to hide the "open" builtin to restrict access to file I/O. All such approaches are doomed to fail because you can always find a way around a blacklist.
> 
> For my particular sandbox, I wish to allow *only* the following kinds of actions (in a whitelist):
> * reading from stdin & writing to stdout;
> * reading from files, within a set of whitelisted directories;
> * pure Python computation.
> 
> In particular all other operations available through system calls are banned. This includes, but is not limited to:
> * writing to files;
> * manipulating network sockets;
> * communicating with other processes.
> 
> I believe it is not possible to limit such operations at the Python level. The best you could do is try replacing all the standard library modules, but that is again just a blacklist - it won't prevent a determined attacker from doing things like constructing their own 'code' object and executing it.
> 
> It might be necessary to isolate the Python process at the operating system level.
> * A chroot jail on Linux & OS X can limit access to the filesystem. Again this is just a blacklist.
> * No obvious way to block socket creation. Again this would be just a blacklist.
> * No obvious way to detect unapproved system calls and block them.
> 
> In the limit, I could dynamically spin up a virtual machine and execute the Python program in the machine. However that's extremely expensive in computational time.
> 
> Has anyone on this list attempted to sandbox Python programs in a serious fashion? I'd be interested to hear your approach.
> 
> - David

What about launching the Python process in a Docker container?
Spinning up a new container is pretty quick and it might provide
you with enough isolation. Probably not a perfect solution, but
I do believe that it would be easier than trying to sandbox Python
itself.

Marco

More information about the Python-list mailing list