On Sun, Apr 10, 2016 at 06:17:29PM +0100, Jon Ribbens wrote:
> Further to the success of dojo participants in breaking out of my
> sandbox experiment due to a stupid bug I'd created, I've both
> tightened up the sandbox and extended it by adding back in 'with'
> and 'import' (of white-listed modules).
>
> If anyone would like to have another go at breaking out of it,
> I'd be interested to hear their results:
I guess it goes without saying, but just in case, the core team gave up on
any possibility of in-process sandboxing a very long time ago, and all
popular implementations are designed with pretty much zero regard for this
use case.

For an example of a robust sandboxed Python, App Engine disables modules
and has a bunch of patches to disable the most obvious seg faults, then
applies an OS sandbox on top of that.

If you want a real sandbox, use an OS-supplied facility that's been reviewed
to exhaustion, like seccomp on Linux, although sadly there are no good
wrappers to use Python within seccomp. There is some example code for
seccomp here:

http://pythonsweetness.tumblr.com/post/65442885019/secure-low-overhead-eval-sandbox-in-80-lines-of

but really this wants wrapping up in a neat library to be generally useful.
Jon, are you up for that? :)

David

_______________________________________________
python-uk mailing list
python-uk@python.org
https://mail.python.org/mailman/listinfo/python-uk
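The fork-then-seccomp approach David points at, as an added example written for this page (it is not code from the thread, from the linked post, or from any library): the untrusted callable runs in a forked child that first enters seccomp strict mode via prctl(2), after which only read, write, exit and sigreturn are permitted and any other syscall gets the child SIGKILLed by the kernel. The result travels back over a pipe. Linux only; the per-architecture exit syscall table, the heap pre-warm and the helper names are this example's own assumptions. Note the caveat that drives the design: strict mode allows exit(2) but not exit_group(2), and exit_group is what os._exit() issues, so the child has to leave through a raw syscall.

```python
"""Evaluate untrusted Python in a forked child under seccomp strict mode.

Added example (Linux only), not the thread's or the linked post's code.
The syscall-number table below is an assumption covering common arches.
"""
import ctypes
import marshal
import os
import platform

PR_SET_SECCOMP = 22       # <linux/prctl.h>
SECCOMP_MODE_STRICT = 1   # <linux/seccomp.h>: only read/write/exit/sigreturn

# Strict mode permits exit(2) but not exit_group(2); os._exit() uses the
# latter, so the child must leave via a raw exit syscall.  Assumed table.
_SYS_EXIT_BY_ARCH = {"x86_64": 60, "aarch64": 93, "riscv64": 93,
                     "i386": 1, "i686": 1, "armv7l": 1}
_SYS_EXIT = _SYS_EXIT_BY_ARCH[platform.machine()]

_libc = ctypes.CDLL(None, use_errno=True)
_prctl = _libc.prctl
_prctl.restype = ctypes.c_int
_prctl.argtypes = [ctypes.c_int, ctypes.c_ulong, ctypes.c_ulong,
                   ctypes.c_ulong, ctypes.c_ulong]
_syscall = _libc.syscall        # resolved here, before the lockdown
_syscall.restype = ctypes.c_long


def _write_all(fd, data):
    view = memoryview(data)
    while view:
        view = view[os.write(fd, view):]


def _child(func, args, wfd):
    # Best-effort heap pre-warm (allocator-dependent assumption): leave free
    # chunks behind so compile()/eval() below are served without brk/mmap,
    # which strict mode would punish with SIGKILL.
    scratch = [bytearray(8192) for _ in range(128)] + [str(i) for i in range(20000)]
    del scratch
    if _prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT, 0, 0, 0) != 0:
        _write_all(wfd, marshal.dumps(
            ("error", "seccomp unavailable, errno %d" % ctypes.get_errno())))
        os._exit(1)                 # sandbox never engaged; normal exit is fine
    # From here on every syscall outside the strict set kills the child.
    try:
        payload = marshal.dumps(("ok", func(*args)))
    except BaseException as exc:    # user-code errors and unmarshallable results
        payload = marshal.dumps(("error", "%s: %s" % (type(exc).__name__, exc)))
    _write_all(wfd, payload)
    _syscall(_SYS_EXIT, 0)          # raw exit(2); os._exit() would be SIGKILLed


def run_sandboxed(func, *args):
    """Run func(*args) in a seccomp-strict child.

    Returns ("ok", value), ("error", message) or ("killed", signal_number).
    """
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:
        os.close(rfd)
        _child(func, args, wfd)     # never returns
    os.close(wfd)
    chunks = []
    while True:                     # drain to EOF before waiting, so a large
        chunk = os.read(rfd, 65536) # result cannot deadlock on the pipe buffer
        if not chunk:
            break
        chunks.append(chunk)
    os.close(rfd)
    _, status = os.waitpid(pid, 0)
    if os.WIFSIGNALED(status):
        # SIGKILL here is the kernel enforcing the policy: the child issued a
        # syscall outside the strict-mode set (open, mmap, socket, ...).
        return ("killed", os.WTERMSIG(status))
    if not chunks:
        return ("error", "child exited with status %d and no result"
                % os.WEXITSTATUS(status))
    return marshal.loads(b"".join(chunks))


def _eval_untrusted(expression):
    # Compiled inside the child as well, so parser/compiler bugs are confined.
    code = compile(expression, "<sandbox>", "eval")
    return eval(code, {"__builtins__": {}})


def safe_eval(expression):
    """Stripped builtins are the first, fragile layer; seccomp is the layer
    that still holds when attacker code gets around the first one."""
    return run_sandboxed(_eval_untrusted, expression)


if __name__ == "__main__":
    print(safe_eval("(1 << 40) + 5 * 7"))
    print(safe_eval("__import__('os').system('id')"))
    print(run_sandboxed(lambda: open("/etc/hostname").read()))
```

The third call stands in for attacker code that has already escaped the in-process restrictions: the moment it touches the filesystem the kernel kills the child, and the parent sees a "killed" result rather than a compromised interpreter. Strict mode is deliberately blunt; a seccomp-bpf filter would allow a tailored syscall set, but the fork-and-pipe structure stays the same.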