Stephan Kuhagen wrote:
>
> Sounds very likely, but does not solve the problem. With resource management
> on the OS level you can indeed set some important limits for untrusted
> scripts, but there are at least two drawbacks, which come to my mind (and
> maybe more, that I'm not aware of): 1. OS level can always only implement
> the lowest common denominator of all OS resource managements to be platform
> independent, which is a strong requirement, IMO.

I think I understand what you intend to say here: that some kind of Python sandbox relying on operating system facilities can only depend on facilities implemented in all of the most interesting operating systems (which I once referred to as "the big three", accompanied by howls of protest/derision).

Yet just as people like to say that choosing a language is all about "choosing the right tool for the job", shouldn't the choice of operating system be significant as well? If you're running a "Try Python" Web site, as some people were doing a few months ago, isn't it important to choose the right operating system as part of the right complete environment, instead of having the theoretical possibility of running it on something like RISC OS, yet having someone take your site down within seconds anyway?

I don't know whether it's the same people who like to promote "how well Python plays with everything else" who also demand totally cross-platform solutions ("if it doesn't work on Windows, we won't do it"), but if so, I'd be interested in how they manage to reconcile these views.

[...]

> A good sandbox seems to be a real adventure with few survivors, as can be
> seen in the JavaScript-world.

Certainly, there are interesting directions to be taken with safe execution at the language and runtime levels, but as technologies like Java (in particular) have shown, it's possible for a project or a company to find itself focusing heavily on such strategies at the cost of readily available, mature technologies which might be good enough. The emergence of virtualisation as a commodity technology would suggest that sandboxing language runtimes isn't as fashionable as it was ten years ago.

Paul