Chroot Jail Not Secure for Sandboxing Python?
gregpinero at gmail.com
Mon Jun 25 02:22:25 EDT 2007
On Jun 25, 1:43 am, "Martin v. Löwis" <mar... at v.loewis.de> wrote:
> gregpin... at gmail.com schrieb:
>
> > This wiki page suggests using a chroot jail to sandbox Python, but
> > wouldn't running something like this in your sandboxed Python instance
> > still break you out of the chroot jail:
>
> > os.execle ('/usr/bin/python','-c','import os; os.execlp("/bin/sh")',
> > {})
>
> Depending on how the chroot jail is set up, this command might not
> work - in the jail, /bin/sh might not exist.
This was my thought too. I just figured there was something special
about this command that brought one to the "real" Python interpreter
and then to the real "/bin/sh". That's odd, my ISP seems adamant that
this is a way to break out. I'll just have to put in the work to test
it locally I guess.
> > So is a chroot jail not adequate for sandboxing Python?
>
> You have to define your threat model. If the threat to prevent is
> a malicious user getting at your data, or spreading a virus
> through your files, then chroot is perfectly adequate.
Yeah, sounds like my threat model. Maybe prevent someone sending
spam, or DOS from my server too.
-Greg
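
An added example, not part of the original thread: a sketch of how a path such as "/bin/sh" is looked up from inside a chroot, with ".." and symlinks clamped at the jail root, used to audit whether the exec targets from the quoted command exist in a jail at all. The function names and the temporary sample jail are assumptions made up for illustration, and the sketch models path lookup only.

```python
import os
import tempfile

def resolve_in_jail(jail, path, max_links=40):
    """Host path that `path` names for a process chrooted to `jail`, else None."""
    jail = os.path.realpath(jail)
    todo = [p for p in path.split("/") if p][::-1]  # components, next one last
    cur = []                                        # resolved components below jail
    links = 0
    while todo:
        part = todo.pop()
        if part == ".":
            continue
        if part == "..":
            if cur:
                cur.pop()       # ".." at the jail root stays at the jail root
            continue
        host = os.path.join(jail, *cur, part)
        if os.path.islink(host):
            links += 1
            if links > max_links:
                return None     # symlink loop, as ELOOP would report
            target = os.readlink(host)
            if target.startswith("/"):
                cur = []        # absolute link restarts at the jail root
            todo.extend([p for p in target.split("/") if p][::-1])
        elif os.path.lexists(host):
            cur.append(part)
        else:
            return None         # component missing inside the jail
    return os.path.join(jail, *cur)

def audit_jail(jail, targets=("/bin/sh", "/usr/bin/python")):
    """Map each exec target to True if it is an executable file inside the jail."""
    def ok(host):
        return bool(host and os.path.isfile(host) and os.stat(host).st_mode & 0o111)
    return {t: ok(resolve_in_jail(jail, t)) for t in targets}

def build_demo_jail():
    """Constructed sample jail: python stub present, /bin/sh link points outside."""
    jail = tempfile.mkdtemp(prefix="jail-")
    os.makedirs(os.path.join(jail, "usr", "bin"))
    os.makedirs(os.path.join(jail, "bin"))
    py = os.path.join(jail, "usr", "bin", "python")
    open(py, "w").close()
    os.chmod(py, 0o755)
    os.symlink("../../../../bin/bash", os.path.join(jail, "bin", "sh"))
    return jail
```

Running `audit_jail(build_demo_jail())` reports `/usr/bin/python` as present and `/bin/sh` as absent, because the symlink's target is looked up under the jail root rather than on the host.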