Sandboxing Python [was Re: New user's initial thoughts / criticisms of Python]
Chris Angelico
rosuav at gmail.com
Sat Nov 9 10:32:39 EST 2013
On Sun, Nov 10, 2013 at 2:25 AM, Steven D'Aprano
<steve+comp.lang.python at pearwood.info> wrote:
> On Sun, 10 Nov 2013 01:27:11 +1100, Chris Angelico wrote:
>
>> I was trying to sandbox CPython and run untrusted scripts while stopping
>> them from accessing the OS or file system. It's basically impossible
>
> PyPy is supposed to come with a proper sandbox. Although even in that
> case, I think it is recommended to use a chroot jail to lock access down
> to some subset of the file system.
Yeah, which means that even that wouldn't be sufficient for our
purposes (since part of the spec is that there should be fast and
efficient data transfer between the untrusted code and the main
engine, which has full FS access). That's why we switched away from
Python altogether. Though I think my boss would have benefited from
being forced to learn Python.
ChrisA
More information about the Python-list
mailing list