On Sun, Feb 26, 2023, 5:42 PM Chris Angelico <ros...@gmail.com> wrote:
> On Mon, 27 Feb 2023 at 08:33, python--- via Python-ideas
> <python-ideas@python.org> wrote:
> >
> > Thank you for the insight. I have some more work to do! I will share on
> this thread again when I've made further changes.
> >
> > If you have some time, I would be grateful if you could share a few
> test cases such as "bypass it by spinning off a new thread", or.
> > object.__subclasses__. code is not necessary but just pointers.
> >
>
> The trouble with that is, I don't really want to build and run your
> Python just for the test, so all I can really do is talk
> theoretically. But if you can name any module that IS permitted to
> import code, I can attempt (on a vanilla Python) to trigger it to
> import something of my choice.
>
> It's worth noting, for instance, that sys.path and its friends can be
> manipulated to control what would be imported; a trusted module could
> potentially be tricked into importing anything at all.
>
> Python simply isn't designed for security boundaries.
>
Trying to just application sandbox Python again? Python is not (and
possibly cannot be) made a sufficient sandbox; and neither can other
languages solve without breaking changes, too
Things you can do, things you can't:
- setcap a (virtualenv) bin/python
- differentiate between code and data using the NX bit, *when a c extension
(with nested functions,) is imported [1][2]. The NX bit doesn't work if you
import a C extension.
- Work with the ctypes module:
import ctypes
ctypes.cast(1, ctypes.py_object)
- strip modules out of stdlib (and patch importlib) before compiling
- "PEP 594 – Removing dead batteries from the standard library"
https://peps.python.org/pep-0594/
- there were mailing list and probably also discourse discussions of how
to allow customized builds of CPython with modules excluded. I'll keep
looking for the link
[1] https://groups.google.com/g/dev-python/c/67Et2KtpzG4
[2] https://en.wikipedia.org/wiki/Nested_function#No-execute_stacks
(E.g. BinderHub and Dask will run [Python, conda-forge,] code in k8s and
containers to sandbox / process-isolate it.)
Is it possible to grant a WASM runtime - in a browser application sandbox
(with IPC APIs (all running under one user)) - access to syscalls (WASI,)
and have provide sufficient security assurances, even?
Python does not yet (?) have browser-like sandboxing features.
There have been various efforts and pycon presentations on sandboxing
Python with Python; most of them retrospectives just.
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at
https://mail.python.org/archives/list/python-ideas@python.org/message/MAJ7DIM3WDZHCIOQMKKSWT5NLLIACENF/
Code of Conduct: http://python.org/psf/codeofconduct/
