J Dunford wrote:
On Fri, Sep 5, 2008 at 6:07 PM, [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]> <[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>> wrote:
hi,
i would like to bring up this topic again since a python based
open source alternative to flash which could be used to create
browser games would be super awesome. :)
if i understand this correctly then the main problem of something
like that is security.
In my experience, the general consensus with sandboxing python is -
don't try it. There are simply too many holes to plug, and finding
them in the first place is often a matter of trial and error.
Having said that, there was a blog post recently (sorry, don't
remember where) that talked about compiling Python into Tamarin VM
code. There was some mention of either using PyPy as a starting point,
or perhaps as a reference model.
So what you're proposing may already be in the works. :)
Sandboxing python must be done at the operating system and process
level, not with Python itself. Google is already running tons of
"untrusted" python code with their Google App Hosting. The interpreter
and modules are modified a bit themselves, but the real security comes
from real process sandboxing.
I also believe you can do pretty good sandboxing with different Python
runtimes. I think Jython and Ironpython can both be run in containers
that those systems provide. The default "CPython" interpreter can
probably only be as secure as C itself.
