Hello Victor, On Wed, Nov 11, 2009 at 11:06 -0500, Victor Williamson wrote: > Hello Pypy dev, > > I am researching ways to allow applications to safely import untrusted > code in Python without having to run the malicious code in its own > process; Pypy may be a good prototyping environment. I want to > verify if any work either as an extension or as interpreter changes has > been done to handle untrusted imports in Pypy.
cool. Have you read http://codespeak.net/pypy/dist/pypy/doc/sandbox.html ? I don't know about projects using PyPy's sandboxing currently. The raw functionality is very powerful but work on deployment and usage is due. During the ongoing Duesseldorf sprint we discussed about a new model to use transparent proxying techniques (http://tinyurl.com/mrq9nc ) to perform imports through a "interpreter backend" subprocess, e.g. CPython, Jython, IPy. In this mode a Sandboxed PyPy could run native applications and represent remote python objects transparently. As a starting point we discussed running QT applications from PyPy in this manner. I am interested to work on related topics. In particular i plan to work on http://codespeak.net/execnet in the upcoming weeks in order to make ad-hoc configuration and deployment of Python interpreters a breeze (also for cross-interpreter testing). Always interested in peers :) cheers, holger _______________________________________________ [email protected] http://codespeak.net/mailman/listinfo/pypy-dev
