[pypy-dev] about PyPy's sandbox

Tue, 23 Apr 2013 05:50:32 -0700 

Hi All,
I have study PyPy's sandbox for some time.But as my limited ability,I can't 
understand the detail about the PyPy's sandbox.
And I want to discuss something with you:
 
1.Cuted Modules
What are the reasons to cut some standard modules?
(I mean the modules which in 'working_modules' but not in 
'default_modules'.'working_modules' and 'default_modules' are defined in 
/pypy/config/pypyoption.py)
when generate C code,you use "excute" function's graph to replace the original 
function's graph,implement the function's replace.
I am confused why not use this method in these cuted modules like "_socket".Is 
there any secrity problem? you have used this method in os/posix module.
I could understand the reason about "thread" module,because of stdin/stdout.But 
other modules,I can't understand.
If all dangerous function are replced to send request to controller process,Is 
there still any secrity problem?

2.sandbox_transform/sandbox_stub
This two functions are defined in /pypy/translator/c/node.py, what's the 
difference between them? just because the function "Not Implemented"?
In addition,I found you have sandbox_transform() about 100+ functions in 
sandboxed interpreter,most of them are start with 'll_os',But in controller 
process,the sandlib.py only implemented about 20+ fucntions.why left others?
 
3.which fuction need sandbox_transform()/replace function's graph attribute?
This problem I have not got a clue.Through the source code,I think it is 
related with 'llexternal' function, 'register_external' function,functon 
object's graph attribute……
but I don't know the details about the judgement.
Can you explain it?
 
Furthermore,Besides the webpage:"http://doc.pypy.org/en/latest/sandbox.html"; 
,do you have any more documents about the PyPy's sandbox? The content in that 
webpage is really a little less.
Maybe there are more documents/infomation in the 
site:"http://morepypy.blogspot.com"; ,But as the GFW in China,I can't access 
this site.
_______________________________________________
pypy-dev mailing list
pypy-dev@python.org
http://mail.python.org/mailman/listinfo/pypy-dev

Reply via email to