import question

Mats Wichmann mats at wichmann.us
Fri Nov 19 10:13:04 EST 2021


On 11/18/21 21:00, Dan Stromberg wrote:
> On Thu, Nov 18, 2021 at 6:19 PM Chris Angelico <rosuav at gmail.com> wrote:
> 
>> On Fri, Nov 19, 2021 at 11:24 AM Dan Stromberg <drsalists at gmail.com>
>> wrote:
>>>
>>>
>>> On Thu, Nov 18, 2021 at 12:21 PM Chris Angelico <rosuav at gmail.com>
>> wrote:
>>>>
>>>> If you're trying to make a Python-in-Python sandbox, I recommend not.
>>>> Instead, use an OS-level sandbox (a chroot, probably some sort of CPU
>>>> usage limiting, etc), and use that to guard the entire Python process.
>>>> Python-in-Python will basically *never* be secure.
>>>
>>>
>>> Good advice to not try to sandbox python.
>>>
>>> But chroot can sometimes be broken out of.  It isn't a cure-all.
>>>
>>
>> That's true, but it's way better than attempting Python-in-Python
>> sandboxing. In any case, all the options worth investigating will be
>> at the OS level.
>>
>> (Or maybe higher, but I can't imagine it being practical to create
>> individual VMs for each client who comes to the web site.)
>>
> 
> Actually, there are ports of CPython and Micropython that run inside a web
> browser over WASM.  Going with one of these might be safer.

indeed... see pyodide

https://github.com/pyodide/pyodide




More information about the Python-list mailing list