Creating a reliable sandboxed Python environment
Laura Creighton
lac at openend.se
Sun May 31 02:14:53 EDT 2015
In a message of Sun, 31 May 2015 09:52:29 +1000, "Steven D'Aprano" writes:
>How many PyPy sandboxes are being used with hostile users motivated to break
>out of the sandbox?
>
>"I wrote a sandbox which I can't break out of" is different from "I wrote a
>sandbox which nobody can break out of". Javascript is sandboxed, but due to
>bugs in implementations, Javascript-based exploits are now heavily used by
>malware. There are possibly even more Javascript-based exploits than buffer
>overflow based exploits these days, as C programmers get better at using
>automated tools that check for buffer overflows.
I don't know, as we don't really have a way of tracking who is using
PyPy for anything. We know we have some.
Laura
More information about the Python-list
mailing list