Hi Stefan,
On Wed, Mar 7, 2012 at 23:16, Stefan Behnel stefan...@behnel.de wrote:
Well, there's a bug tracker that lists some of them, which is not *that*
hard to find. Does your claim about a significantly harder endeavour
refer to finding a crash or to finding a fix for it?
Are you talking
On 05/03/2012 23:11, Victor Stinner wrote:
3 tests are crashing pysandbox:
- modify a dict during a dict lookup: I proposed two different fixes
in issue #14205
- type MRO changed during a type lookup (modify __bases__ during the
lookup): I proposed a fix in issue #14199 (keep a reference to
On 01/03/2012 22:59, Victor Stinner wrote:
I challenge anymore to break pysandbox! I would be happy if anyone
breaks it because it would make it more stronger.
Results, one week later. Nobody found a vulnerability giving access to
the filesystem or to the sandbox.
Armin Rigo complained that
Hi Stefan,
Stefan Behnel wrote:
could you please stop bashing CPython for no good reason, especially on
python-dev? Specifically, to call it broken beyond repair is a rather
offensive claim, especially when made in public.
Sorry if you were offended. I am just trying to point out that
Maciej Fijalkowski, 06.03.2012 00:08:
For a comparison, PyPy sandbox is a compiled from higher-level
language program that by design does not have all sorts of problems
described. The amount of code you need to carefully review is very
minimal (as compared to the entire CPython interpreter).
You can't solve the too much time, without solving the halting problem,
Not sure what you mean by that. It seems to me that it's particularly
easy to do in a roughly portable way, with alarm() for example on all
UNIXes.
What time should you set the alarm for? How much time is enough before
2012/3/5 Serhiy Storchaka storch...@gmail.com:
05.03.12 11:09, Victor Stinner написав(ла):
pysandbox uses SIGALRM with a timeout of 5 seconds by default. You can
change this timeout or disable it completly.
pysandbox doesn't provide a function to limit the memory yet, you have
to do it
Armin Rigo wrote:
For example, let's assume we can decref
a object to 0 before its last usage, at address x. All you need is
the skills and luck to arrange that the memory at x becomes occupied
by a new bigger string object allocated at x - small_number.
That's a lot of assumptions. When you
On Tue, 06 Mar 2012 10:21:12 +1300
Greg Ewing greg.ew...@canterbury.ac.nz wrote:
What you seem to be saying is Python cannot be sandboxed,
because any code can have bugs. Or, Nothing is ever 100% secure,
because the universe is not perfect. Which is true, but not in
a very interesting way.
On Mon, Mar 5, 2012 at 1:16 PM, Victor Stinner victor.stin...@gmail.com wrote:
2012/3/5 Serhiy Storchaka storch...@gmail.com:
05.03.12 11:09, Victor Stinner написав(ла):
pysandbox uses SIGALRM with a timeout of 5 seconds by default. You can
change this timeout or disable it completly.
I challenge anymore to break pysandbox! I would be happy if anyone
breaks it because it would make it more stronger.
I tried to run the files from Lib/test/crashers and --- kind of
obviously --- I found at least two of them that still segfaults
execfile.py, sometimes with minor edits and
Just forbid the sandboxed code from using the signal module, and set
the signal to the default action (abort).
Ah yes, good idea. It may be an option because depending on the use
case, failing with abort is not always the best option.
The signal module is not allowed by the default policy.
05.03.12 23:16, Victor Stinner написав(ла):
Apply the timeout would require to modify the sum() function.
sum() is just one, simple, example. Any C code could potentially run
long enough. Another example is the recently discussed hashtable
vulnerability:
class badhash: __hash__ =
05.03.12 23:47, Guido van Rossum написав(ла):
Maybe it would make more sense to add such a test to xrange()? (Maybe
not every iteration but every 10 or 100 iterations.)
`sum([10**100]*100)` leads to same effect.
___
Python-Dev mailing list
On Mon, Mar 5, 2012 at 1:21 PM, Greg Ewing greg.ew...@canterbury.ac.nz wrote:
Armin Rigo wrote:
For example, let's assume we can decref
a object to 0 before its last usage, at address x. All you need is
the skills and luck to arrange that the memory at x becomes occupied
by a new bigger
For a comparison, PyPy sandbox is a compiled from higher-level
language program that by design does not have all sorts of problems
described. The amount of code you need to carefully review is very
minimal (as compared to the entire CPython interpreter). It does not
mean it has no bugs, but
I strongly disagree that sandbox is secure because it's just
segfaults and any code is exploitable that way. Finding segfaults
in CPython is easy. As in all you need is armin, a bit of coffee and
a free day. Reasons for this vary, but one of those is that python is
a large code base that does
On Mon, Mar 5, 2012 at 3:40 PM, Martin v. Löwis mar...@v.loewis.de wrote:
I strongly disagree that sandbox is secure because it's just
segfaults and any code is exploitable that way. Finding segfaults
in CPython is easy. As in all you need is armin, a bit of coffee and
a free day. Reasons for
$ python execfile.py badhash.py
Hang up.
class badhash: __hash__ = int(42).__hash__
set([badhash() for _ in range(10)])
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
There is even easier way to exceed the time-limit timeout and to eat CPU:
sum(xrange(10)).
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
Hi all,
On Sun, Mar 4, 2012 at 03:51, Guido van Rossum gu...@python.org wrote:
Could we put asserts in the places where segfaults may happen?
No. I checked Lib/test/crashers/*.py and none of them would be safe
with just a failing assert. If they were, we'd have written the
assert long ago :-(
Armin Rigo wrote:
Hi all,
On Sun, Mar 4, 2012 at 03:51, Guido van Rossum gu...@python.org wrote:
Could we put asserts in the places where segfaults may happen?
No. I checked Lib/test/crashers/*.py and none of them would be safe
with just a failing assert. If they were, we'd have written
Maciej Fijalkowski wrote:
Segfaults (most of them) can generally be made into arbitrary code
execution,
Can you give an example of how this can be done?
--
Greg
___
Python-Dev mailing list
Python-Dev@python.org
Mark Shannon wrote:
You can't solve the too much time, without solving the halting problem,
but you can make sure all code is interruptable (i.e. Cntrl-C works).
If you can arrange for Ctrl-C to interrupt the process cleanly,
then (at least on Unix) you can arrange to receive a signal
after a
Hi Mark,
On Sun, Mar 4, 2012 at 18:34, Mark Shannon m...@hotpy.org wrote:
I don't think it is as hard as all that.
All the crashers can be fixed, and with minimal effect on performance.
I will assume that you don't mean just to fix the files in
Lib/test/crashers, but to fix the general issues
Hi Greg,
On Sun, Mar 4, 2012 at 22:44, Greg Ewing greg.ew...@canterbury.ac.nz wrote:
Segfaults (most of them) can generally be made into arbitrary code
execution,
Can you give an example of how this can be done?
You should find tons of documented examples of various attacks. It's
not easy,
Hi Mark,
On Sun, Mar 4, 2012 at 18:34, Mark Shannon m...@hotpy.org wrote:
You can't solve the too much time, without solving the halting problem,
Not sure what you mean by that. It seems to me that it's particularly
easy to do in a roughly portable way, with alarm() for example on all
UNIXes.
Armin Rigo wrote:
Hi Mark,
On Sun, Mar 4, 2012 at 18:34, Mark Shannon m...@hotpy.org wrote:
You can't solve the too much time, without solving the halting problem,
Not sure what you mean by that. It seems to me that it's particularly
easy to do in a roughly portable way, with alarm() for
Am 04.03.2012 23:53, schrieb Steven D'Aprano:
Armin Rigo wrote:
Hi Mark,
On Sun, Mar 4, 2012 at 18:34, Mark Shannon m...@hotpy.org wrote:
You can't solve the too much time, without solving the halting problem,
Not sure what you mean by that. It seems to me that it's particularly
easy to
Hi Victor,
On Thu, Mar 1, 2012 at 22:59, Victor Stinner victor.stin...@gmail.com wrote:
I challenge anymore to break pysandbox! I would be happy if anyone
breaks it because it would make it more stronger.
I tried to run the files from Lib/test/crashers and --- kind of
obviously --- I found at
Hi,
Le 03/03/2012 20:13, Armin Rigo a écrit :
I challenge anymore to break pysandbox! I would be happy if anyone
breaks it because it would make it more stronger.
I tried to run the files from Lib/test/crashers and --- kind of
obviously --- I found at least two of them that still segfaults
On Sat, Mar 3, 2012 at 1:37 PM, Victor Stinner victor.stin...@gmail.com wrote:
Hi,
Le 03/03/2012 20:13, Armin Rigo a écrit :
I challenge anymore to break pysandbox! I would be happy if anyone
breaks it because it would make it more stronger.
I tried to run the files from Lib/test/crashers
On Sat, Mar 3, 2012 at 6:02 PM, Maciej Fijalkowski fij...@gmail.com wrote:
On Sat, Mar 3, 2012 at 1:37 PM, Victor Stinner victor.stin...@gmail.com
wrote:
Hi,
Le 03/03/2012 20:13, Armin Rigo a écrit :
I challenge anymore to break pysandbox! I would be happy if anyone
breaks it because it
On Sat, Mar 3, 2012 at 6:51 PM, Guido van Rossum gu...@python.org wrote:
On Sat, Mar 3, 2012 at 6:02 PM, Maciej Fijalkowski fij...@gmail.com wrote:
On Sat, Mar 3, 2012 at 1:37 PM, Victor Stinner victor.stin...@gmail.com
wrote:
Hi,
Le 03/03/2012 20:13, Armin Rigo a écrit :
I challenge
Hi,
The frozendict discussion switched somewhere to sandboxing, and so I
prefer to start a new thread.
There are various ways to implement a sandbox, but I would like to
expose here how I implemented pysandbox to have your opinion.
pysandbox is written to execute quickly a short untrusted
I challenge anymore to break pysandbox! I would be happy if anyone
breaks it because it would make it more stronger.
Hum, I should give some rules for such contest:
- the C module (_sandbox) must be used
- you have to get access to a object outside the sandbox, like a real
module, or get
36 matches
Mail list logo