> I strongly disagree that sandbox is secure because it's "just
> segfaults" and "any code is exploitable that way". Finding segfaults
> in CPython is "easy". As in all you need is armin, a bit of coffee and
> a free day. Reasons for this vary, but one of those is that python is
> a large code base that does not have automatic ways of preventing such
> issues like C-level recursion.
>
> For a comparison, PyPy sandbox is a program compiled from a higher-level
> language that by design does not have all sorts of problems
> described. The amount of code you need to carefully review is very
> minimal (as compared to the entire CPython interpreter). It does not
> mean it has no bugs, but it does mean finding segfaults is a
> significantly harder endeavour. There are no bug-free programs,
> however having for example to segfault an arbitrary interpreter
> *written* in Python would be significantly harder than one in C,
> wouldn't it?
While this may be true, I can't conclude that we should stop fixing crashers in CPython, or give up developing CPython altogether. While it is a large code base, it is also a code base that will be around for a long time to come, so any effort spent on this today will pay off in the years to come.

Regards,
Martin

_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
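The quoted message points at C-level recursion as one class of crasher that CPython's C code base cannot prevent automatically: a recursive C routine handed attacker-controlled nesting (deeply nested containers, deeply nested syntax) overflows the C stack unless every such routine carries an explicit depth budget. The following is an added illustration of that guard pattern, written for this archive page; it is not code from CPython, PyPy, or either poster. It walks a nested-bracket string recursively, the way a recursive-descent routine in an interpreter would walk a nested structure, and refuses input that exceeds an assumed limit `MAX_NEST` (a constructed constant, not a CPython one) instead of letting the stack grow without bound. The shape mirrors the manual `Py_EnterRecursiveCall`/`Py_LeaveRecursiveCall` bookkeeping CPython's C code has to add by hand at each recursion point.

```c
#include <stdio.h>
#include <string.h>

/* Assumed nesting budget for this example. A real interpreter sizes this
 * from the C stack it is allowed to use; the value here is constructed. */
#define MAX_NEST 1000

enum nest_result { NEST_OK = 0, NEST_MALFORMED = -1, NEST_TOO_DEEP = -2 };

/* Recursive walk over a string of '[' and ']'. Each '[' recurses one level
 * deeper, so without the depth check at the top a sufficiently long run of
 * '[' would exhaust the C stack and crash the process rather than return
 * an error. The check turns that crash into an ordinary failure code. */
static int walk(const char *s, size_t len, size_t *pos, int depth, int *max_seen)
{
    if (depth > MAX_NEST)
        return NEST_TOO_DEEP;          /* budget exceeded: refuse, do not recurse */
    if (depth > *max_seen)
        *max_seen = depth;

    while (*pos < len) {
        char c = s[*pos];
        if (c == '[') {
            (*pos)++;
            int r = walk(s, len, pos, depth + 1, max_seen);
            if (r != NEST_OK)
                return r;              /* propagate the error up every frame */
            if (*pos >= len || s[*pos] != ']')
                return NEST_MALFORMED; /* opener without a matching closer */
            (*pos)++;
        } else if (c == ']') {
            return NEST_OK;            /* closer belongs to the caller's '[' */
        } else {
            return NEST_MALFORMED;     /* only brackets are accepted here */
        }
    }
    return NEST_OK;
}

/* Validates s; returns NEST_OK, NEST_MALFORMED or NEST_TOO_DEEP. */
int check_nesting(const char *s)
{
    size_t pos = 0;
    int seen = 0;
    int r = walk(s, strlen(s), &pos, 0, &seen);
    if (r != NEST_OK)
        return r;
    if (pos != strlen(s))
        return NEST_MALFORMED;         /* stray ']' at the top level */
    return NEST_OK;
}

/* Deepest level reached while walking s (0 for the empty string). */
int max_depth_of(const char *s)
{
    size_t pos = 0;
    int seen = 0;
    walk(s, strlen(s), &pos, 0, &seen);
    return seen;
}

/* Constructed test input: n opening brackets followed by n closing ones.
 * Capped so it always fits the static buffer. */
const char *build_nested(int n)
{
    static char buf[4096];
    if (n < 0) n = 0;
    if (n > 2000) n = 2000;
    memset(buf, '[', (size_t)n);
    memset(buf + n, ']', (size_t)n);
    buf[2 * n] = '\0';
    return buf;
}

int main(void)
{
    printf("[[[]]]        -> %d (depth %d)\n", check_nesting("[[[]]]"), max_depth_of("[[[]]]"));
    printf("[[]           -> %d\n", check_nesting("[[]"));
    printf("%d nested     -> %d\n", MAX_NEST, check_nesting(build_nested(MAX_NEST)));
    printf("%d nested     -> %d\n", MAX_NEST + 1, check_nesting(build_nested(MAX_NEST + 1)));
    return 0;
}
```

The point for a reviewer is the first two lines of `walk`: the check must sit at the entry of every recursive routine that untrusted input can drive, because the budget is only as good as the one recursion point that forgot it. That per-site discipline, which a C code base cannot enforce automatically, is what the quoted message contrasts with an interpreter written in a language that bounds its own stack use.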