On Mon, Feb 27, 2023, 8:12 AM Wes Turner <wes.tur...@gmail.com> wrote:

>
>
> On Sun, Feb 26, 2023, 5:42 PM Chris Angelico <ros...@gmail.com> wrote:
>
>> On Mon, 27 Feb 2023 at 08:33, python--- via Python-ideas
>> <python-ideas@python.org> wrote:
>> >
>> > Thank you for the insight. I have some more work to do! I will share on
>> this thread again when I've made further changes.
>> >
>> > If you have some time, I would be grateful if you could share a few
>> > test cases such as "bypass it by spinning off a new thread" or
>> > object.__subclasses__. Code is not necessary, just pointers.
>> >
>>
>> The trouble with that is, I don't really want to build and run your
>> Python just for the test, so all I can really do is talk
>> theoretically. But if you can name any module that IS permitted to
>> import code, I can attempt (on a vanilla Python) to trigger it to
>> import something of my choice.
>>
>> It's worth noting, for instance, that sys.path and its friends can be
>> manipulated to control what would be imported; a trusted module could
>> potentially be tricked into importing anything at all.
>>
>> Python simply isn't designed for security boundaries.
>>
>
> Trying to just application sandbox Python again? Python is not (and
> possibly cannot be) made a sufficient sandbox; and neither can other
> languages solve this without breaking changes, too.
>

- https://www.google.com/search?q=python+sandbox+bypass+escape
- https://www.google.com/search?q=container+sandbox+escape
- https://hn.algolia.com/?q=python+sandbox
  - [Bypassing a Python sandbox by abusing code objects / Hacker News](https://news.ycombinator.com/item?id=8280053)


> Things you can do, things you can't:
>
> - setcap a (virtualenv) bin/python
>
> - differentiate between code and data using the NX bit, *when a C
> extension (with nested functions) is imported [1][2]. The NX bit doesn't
> work if you import a C extension.
>
> - Work with the ctypes module:
>   import ctypes
>   ctypes.cast(1, ctypes.py_object)
>
> - strip modules out of stdlib (and patch importlib) before compiling
>
>   - "PEP 594 – Removing dead batteries from the standard library"
>     https://peps.python.org/pep-0594/
>
>   - there were mailing list and probably also Discourse discussions of how
> to allow customized builds of CPython with modules excluded. I'll keep
> looking for the link.
>
> [1] https://groups.google.com/g/dev-python/c/67Et2KtpzG4
>
> [2] https://en.wikipedia.org/wiki/Nested_function#No-execute_stacks
>
> (E.g. BinderHub and Dask will run [Python, conda-forge,] code in k8s and
> containers to sandbox / process-isolate it.)
>
> Is it possible to grant a WASM runtime - in a browser application sandbox
> (with IPC APIs (all running under one user)) - access to syscalls (WASI,)
> and have it provide sufficient security assurances, even?
>

That is why opcodes have a cost with smart contracts; because of the
Halting Problem and arbitrary code execution and no sockets and which other
modules?

Python does not yet (?) have browser-like sandboxing features.

- https://github.com/utoni/potd/blob/master/src/jail.c#L296
- https://www.google.com/search?q=wasm+sandbox+site%3Agithub.com +python
- https://wiki.mozilla.org/Security/Sandbox
- https://chromium.googlesource.com/chromium/src/+/HEAD/docs/design/sandbox.md
- W3C IPC APIs: [Web Workers, Service Workers, ]
- CSP Content Security Policy:
  https://en.wikipedia.org/wiki/Content_Security_Policy#Complementary_measures
  - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox

- "PEP 554 – Multiple Interpreters in the Stdlib / peps.python.org"
  https://peps.python.org/pep-0554/#interpreter-isolation

- "PyPy's sandboxing features — PyPy documentation"
  https://doc.pypy.org/en/latest/sandbox.html
  - https://github.com/vstinner/pysandbox
  - https://foss.heptapod.net/pypy/sandboxlib/-/blob/branch/default/sandboxlib/virtualizedproc.py

> There have been various efforts and pycon presentations on sandboxing
> Python with Python; most of them just retrospectives.
>

- HN search link above lists many sandboxing articles.
- (OT: [container-selinux, OpenShift SELinux MCS contexts and types, Kata
  containers / gVisor / Firecracker · Issue #6 · kai5263499/awesome-container-security · GitHub](https://github.com/kai5263499/awesome-container-security/issues/6))
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-le...@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at 
https://mail.python.org/archives/list/python-ideas@python.org/message/RNKZD2P6BXSRZ6MNEEDNXKWLO2AWKPMA/
Code of Conduct: http://python.org/psf/codeofconduct/