> The United Security Conference is Sept 19 and 20 in San Francisco. > http://www.net-security.org/conference.php?id=445 Sept 9 is very > close for having a proposal ready, and then somebody would have > to go to SF. On the other hand, the sandboxing in PyPy is > definitely innovative, and if they are just announcing their > contest now, there may not _be_ many other people competing for > the money. Of course we would have to find out something to do > with sandboxing. >
If anyone is looking for ideas i have been playing with containers/namespaces and seccomp support on linux and believe it can be applied to sandbox mode with a bit of effort. there are one or two issues in regards to memory related syscalls that may need a bit of thinking through but it should tighten the security of sandbox mode under linux a bit more it would also be interesting to look into what other security primitives Mac OSX and windows provide as well as the BSD's and if they can be integrated and i would be interested in these extra features to expand my code if anybody wants to play or see what its about hit http://code.pocketnix.org/asylum code is WIP and massive changes over the next couple of weeks are possible. at the moment the code is not pypy specific and can be used to isolate cpython in a jail/container containers/namspaces are OS level vitalization. one kernel multiple instances of userspace (think similar to BSD jails or a more fine grain openVZ) seccomp disables all syscalls except sigreturn, read/write and _exit to isolate an app and help prevent a malicious program from inflicting harm. it was originally conceived so users could rent out cpu cycles if someone decides to go with this i am more than willing to help out or get anyone up to speed on it. or if anyone is interested in general let me know _______________________________________________ pypy-dev mailing list pypy-dev@python.org http://mail.python.org/mailman/listinfo/pypy-dev
