On Wed, Nov 13, 2013 at 6:58 AM, Brett Cannon <br...@python.org> wrote:
> > > > On Wed, Nov 13, 2013 at 6:30 AM, Facundo Batista <facundobati...@gmail.com > > wrote: > >> On Wed, Nov 13, 2013 at 4:37 AM, Maciej Fijalkowski <fij...@gmail.com> >> wrote: >> >> >> Do you think it would be productive to create an independent Python >> >> compiler, designed with sandboxing in mind from the beginning? >> > >> > PyPy sandbox does work FYI >> > >> > It might not do exactly what you want, but it both provides a full >> > python and security. >> >> If we have sandboxing using PyPy... what also we need to put Python >> running in the browser? (like javascript, you know) >> >> Thanks! >> > > You can try to get PNaCl to work with Python to get a Python executable > that at least Chrome can run. > Two corrections: 1. CPython already works with NaCl and PNaCl (there are working patches in naclports to build it) 2. It can be used outside Chrome as well, using the standalone "sel_ldr" tool that will then allow to run a sandboxed CPython .nexe from the command line Note that this is a fundamentally different sandboxing model (the whole interpreter is run in a sandbox), but it's also more secure. PNaCl has shipped publicly yesterday, so Chrome runs native code *from the web* on your machine - a lot of security research and work went into making this possible. As for performance, the sandboxing overhead of NaCl is very low (< 10% in most cases). Eli
_______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com