Maurice LING <[EMAIL PROTECTED]> writes:

> I won't really count on that. In my opinion, which may be wrong,
> Python is not constructed to work in a sandbox like Java. Java does it
> by subjecting all classes that it loads to a security manager. What
> you seem to want is a Python with Java applet-type restrictions.
Java has also been subject to years and years of attacks against the sandbox, followed by patches, followed by more attacks and more patches, so at this point it's not so easy to get past the security any more. But in the beginning it was full of bugs, and it may still have bugs. Python's rexec never attracted the attention of serious attackers.

If you really have to do restricted execution, your best bet is to put the sandbox in a separate process chrooted to where it can't mess with the file system, and have it communicate with your application through a socket. I think there may be a way now to trap any system calls that it attempts, too. Of course none of that stops resource exhaustion attacks, etc.

I don't have direct knowledge but it seems to me that there's potential for the situation to improve under PyPy, whose interpreter will have an extra layer where various bad operations can be trapped, if my impression is correct. So the long term prospects for secure rexec may be better than the immediate ones.

-- 
http://mail.python.org/mailman/listinfo/python-list
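The process-isolation design sketched in the reply above (untrusted work in a separate process, chrooted where possible, talking to the application over a socket) in working form. This is an added example, not code from either poster; `run_isolated`, `_apply_limits` and `_burn_cpu` are hypothetical names. It adds the piece the reply says chroot alone does not give you, namely rlimits on CPU time and address space, so that a runaway task is terminated by the kernel rather than exhausting the host. The chroot and the switch to uid/gid 65534 are only attempted when the caller is root, since they fail otherwise; trapping individual system calls (seccomp and the like) is not available from the standard library and is not shown.

```python
import json
import os
import resource
import signal
import socket


def _apply_limits(cpu_seconds, mem_bytes, jail_dir):
    """Confine the current (child) process: rlimits, optional chroot, privilege drop."""
    # CPU-time ceiling: the kernel kills the process when the hard limit is reached.
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
    # Address-space ceiling: oversized allocations fail with MemoryError in the child.
    resource.setrlimit(resource.RLIMIT_AS, (mem_bytes, mem_bytes))
    if os.geteuid() == 0:
        # chroot needs root, so it is applied only when we actually have it.
        if jail_dir is not None:
            os.chroot(jail_dir)
            os.chdir("/")
        # Drop to an unprivileged uid/gid (65534 is "nobody" on most systems) after the chroot.
        os.setgroups([])
        os.setgid(65534)
        os.setuid(65534)


def run_isolated(task, payload, *, jail_dir=None, cpu_seconds=2,
                 mem_bytes=512 * 2**20, wall_timeout=5.0):
    """Run task(payload) in a forked, confined child and return its reply over a socketpair.

    Returns {"ok": True, "result": ...} or {"ok": False, "error": ...}.
    The child's reply must be JSON-serialisable; otherwise the child exits without a reply.
    """
    parent_sock, child_sock = socket.socketpair()
    pid = os.fork()
    if pid == 0:
        # ---- child: confine itself, run the task, report, and always _exit ----
        parent_sock.close()
        try:
            try:
                _apply_limits(cpu_seconds, mem_bytes, jail_dir)
                reply = {"ok": True, "result": task(payload)}
            except Exception as exc:  # report any task failure to the parent
                reply = {"ok": False, "error": repr(exc)}
            child_sock.sendall(json.dumps(reply).encode())
        finally:
            os._exit(0)  # never fall through into the parent's code path

    # ---- parent: read until the child closes its end or the wall-clock budget expires ----
    child_sock.close()
    parent_sock.settimeout(wall_timeout)
    chunks = []
    try:
        while True:
            chunk = parent_sock.recv(65536)
            if not chunk:
                break
            chunks.append(chunk)
    except socket.timeout:
        # Wall-clock budget is the backstop for a child that sleeps or blocks instead of computing.
        os.kill(pid, signal.SIGKILL)
        os.waitpid(pid, 0)
        return {"ok": False, "error": "wall-clock timeout; child killed"}
    finally:
        parent_sock.close()

    _, status = os.waitpid(pid, 0)
    if os.WIFSIGNALED(status):
        # e.g. SIGXCPU/SIGKILL from RLIMIT_CPU: the kernel enforced the limit for us.
        return {"ok": False, "error": "child killed by signal %d" % os.WTERMSIG(status)}
    if not chunks:
        return {"ok": False, "error": "child exited without a reply"}
    return json.loads(b"".join(chunks))


def _burn_cpu(_payload):
    """A deliberately runaway task; only RLIMIT_CPU stops it."""
    while True:
        pass


if __name__ == "__main__":
    print(run_isolated(lambda xs: sum(xs), [1, 2, 3]))
    print(run_isolated(_burn_cpu, None, cpu_seconds=1))
```

The socket is the only channel between the two halves, so the application never shares memory or interpreter state with the confined task; whatever the child does, the parent sees at most a JSON string or an error. Resource exhaustion is bounded rather than prevented, as the reply notes: the rlimits cap one process, so a real deployment would also want a process-count limit and a disk quota on the jail directory.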