On 01/03/2012 22:59, Victor Stinner wrote:
I challenge anymore to break pysandbox! I would be happy if anyone
breaks it because it would make it more stronger.
Results, one week later. Nobody found a vulnerability giving access to
the filesystem or to the sandbox.
Armin Rigo complained that
On 05/03/2012 23:11, Victor Stinner wrote:
3 tests are crashing pysandbox:
- modify a dict during a dict lookup: I proposed two different fixes
in issue #14205
- type MRO changed during a type lookup (modify __bases__ during the
lookup): I proposed a fix in issue #14199 (keep a reference to
Hi Stefan,
On Wed, Mar 7, 2012 at 23:16, Stefan Behnel wrote:
> Well, there's a bug tracker that lists some of them, which is not *that*
> hard to find. Does your claim about "a significantly harder endeavour"
> refer to finding a crash or to finding a fix for it?
Are you talking about the vario
Maciej Fijalkowski, 06.03.2012 00:08:
> For a comparison, PyPy sandbox is a compiled from higher-level
> language program that by design does not have all sorts of problems
> described. The amount of code you need to carefully review is very
> minimal (as compared to the entire CPython interpreter)
Hi Stefan,
Stefan Behnel wrote:
> could you please stop bashing CPython for no good reason, especially on
> python-dev? Specifically, to call it broken beyond repair is a rather
> offensive claim, especially when made in public.
Sorry if you were offended. I am just trying to point out that
CPyt
On Mon, Mar 5, 2012 at 3:40 PM, "Martin v. Löwis" wrote:
>> I strongly disagree that sandbox is secure because it's "just
>> segfaults" and "any code is exploitable that way". Finding segfaults
>> in CPython is "easy". As in all you need is armin, a bit of coffee and
>> a free day. Reasons for thi
> I strongly disagree that sandbox is secure because it's "just
> segfaults" and "any code is exploitable that way". Finding segfaults
> in CPython is "easy". As in all you need is armin, a bit of coffee and
> a free day. Reasons for this vary, but one of those is that python is
> a large code base
> For a comparison, PyPy sandbox is a compiled from higher-level
> language program that by design does not have all sorts of problems
> described. The amount of code you need to carefully review is very
> minimal (as compared to the entire CPython interpreter). It does not
> mean it has no bugs, b
On Mon, Mar 5, 2012 at 1:21 PM, Greg Ewing wrote:
> Armin Rigo wrote:
>>
>> For example, let's assume we can decref
>> a object to 0 before its last usage, at address x. All you need is
>> the skills and luck to arrange that the memory at x becomes occupied
>> by a new bigger string object alloca
05.03.12 23:47, Guido van Rossum написав(ла):
Maybe it would make more sense to add such a test to xrange()? (Maybe
not every iteration but every 10 or 100 iterations.)
`sum([10**100]*100)` leads to same effect.
___
Python-Dev mailing list
Py
05.03.12 23:16, Victor Stinner написав(ла):
> Apply the timeout would require to modify the sum() function.
sum() is just one, simple, example. Any C code could potentially run
long enough. Another example is the recently discussed hashtable
vulnerability:
class badhash: __hash__ = int(42)._
> Just forbid the sandboxed code from using the signal module, and set
> the signal to the default action (abort).
Ah yes, good idea. It may be an option because depending on the use
case, failing with abort is not always the best option.
The signal module is not allowed by the default policy.
>
>>> I challenge anymore to break pysandbox! I would be happy if anyone
>>> breaks it because it would make it more stronger.
>
> I tried to run the files from Lib/test/crashers and --- kind of
> obviously --- I found at least two of them that still segfaults
> execfile.py, sometimes with minor edit
On Mon, Mar 5, 2012 at 1:16 PM, Victor Stinner wrote:
> 2012/3/5 Serhiy Storchaka :
>> 05.03.12 11:09, Victor Stinner написав(ла):
>>
>>> pysandbox uses SIGALRM with a timeout of 5 seconds by default. You can
>>> change this timeout or disable it completly.
>>>
>>> pysandbox doesn't provide a func
On Tue, 06 Mar 2012 10:21:12 +1300
Greg Ewing wrote:
>
> What you seem to be saying is "Python cannot be sandboxed,
> because any code can have bugs." Or, "Nothing is ever 100% secure,
> because the universe is not perfect." Which is true, but not in
> a very interesting way.
There is a differen
Armin Rigo wrote:
For example, let's assume we can decref
a object to 0 before its last usage, at address x. All you need is
the skills and luck to arrange that the memory at x becomes occupied
by a new bigger string object allocated at "x - small_number".
That's a lot of assumptions. When you
2012/3/5 Serhiy Storchaka :
> 05.03.12 11:09, Victor Stinner написав(ла):
>
>> pysandbox uses SIGALRM with a timeout of 5 seconds by default. You can
>> change this timeout or disable it completly.
>>
>> pysandbox doesn't provide a function to limit the memory yet, you have
>> to do it manually. It
>>> You can't solve the too much time, without solving the halting problem,
>>
>> Not sure what you mean by that. It seems to me that it's particularly
>> easy to do in a roughly portable way, with alarm() for example on all
>> UNIXes.
>
> What time should you set the alarm for? How much time is e
Am 04.03.2012 23:53, schrieb Steven D'Aprano:
> Armin Rigo wrote:
>> Hi Mark,
>>
>> On Sun, Mar 4, 2012 at 18:34, Mark Shannon wrote:
>>> You can't solve the too much time, without solving the halting problem,
>>
>> Not sure what you mean by that. It seems to me that it's particularly
>> easy to
Armin Rigo wrote:
Hi Mark,
On Sun, Mar 4, 2012 at 18:34, Mark Shannon wrote:
You can't solve the too much time, without solving the halting problem,
Not sure what you mean by that. It seems to me that it's particularly
easy to do in a roughly portable way, with alarm() for example on all
UN
Hi Mark,
On Sun, Mar 4, 2012 at 18:34, Mark Shannon wrote:
> You can't solve the too much time, without solving the halting problem,
Not sure what you mean by that. It seems to me that it's particularly
easy to do in a roughly portable way, with alarm() for example on all
UNIXes.
A bientôt,
Hi Greg,
On Sun, Mar 4, 2012 at 22:44, Greg Ewing wrote:
>> Segfaults (most of them) can generally be made into arbitrary code
>> execution,
>
> Can you give an example of how this can be done?
You should find tons of documented examples of various attacks. It's
not easy, but it's possible. Fo
Hi Mark,
On Sun, Mar 4, 2012 at 18:34, Mark Shannon wrote:
> I don't think it is as hard as all that.
> All the crashers can be fixed, and with minimal effect on performance.
I will assume that you don't mean just to fix the files in
Lib/test/crashers, but to fix the general issues that each is
Mark Shannon wrote:
You can't solve the too much time, without solving the halting problem,
but you can make sure all code is interruptable (i.e. Cntrl-C works).
If you can arrange for Ctrl-C to interrupt the process cleanly,
then (at least on Unix) you can arrange to receive a signal
after a
Maciej Fijalkowski wrote:
Segfaults (most of them) can generally be made into arbitrary code
execution,
Can you give an example of how this can be done?
--
Greg
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinf
Armin Rigo wrote:
Hi all,
On Sun, Mar 4, 2012 at 03:51, Guido van Rossum wrote:
Could we put asserts in the places where segfaults may happen?
No. I checked Lib/test/crashers/*.py and none of them would be safe
with just a failing assert. If they were, we'd have written the
assert long ago
Hi all,
On Sun, Mar 4, 2012 at 03:51, Guido van Rossum wrote:
> Could we put asserts in the places where segfaults may happen?
No. I checked Lib/test/crashers/*.py and none of them would be safe
with just a failing assert. If they were, we'd have written the
assert long ago :-( "mutation_insi
There is even easier way to exceed the time-limit timeout and to eat CPU:
sum(xrange(10)).
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.python.org/mailman/options/
$ python execfile.py badhash.py
Hang up.
class badhash: __hash__ = int(42).__hash__
set([badhash() for _ in range(10)])
___
Python-Dev mailing list
Python-Dev@python.org
http://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
http://mail.py
On Sat, Mar 3, 2012 at 6:51 PM, Guido van Rossum wrote:
> On Sat, Mar 3, 2012 at 6:02 PM, Maciej Fijalkowski wrote:
>> On Sat, Mar 3, 2012 at 1:37 PM, Victor Stinner
>> wrote:
>>> Hi,
>>>
>>> Le 03/03/2012 20:13, Armin Rigo a écrit :
>>>
>> I challenge anymore to break pysandbox! I would be
On Sat, Mar 3, 2012 at 6:02 PM, Maciej Fijalkowski wrote:
> On Sat, Mar 3, 2012 at 1:37 PM, Victor Stinner
> wrote:
>> Hi,
>>
>> Le 03/03/2012 20:13, Armin Rigo a écrit :
>>
> I challenge anymore to break pysandbox! I would be happy if anyone
> breaks it because it would make it more str
On Sat, Mar 3, 2012 at 1:37 PM, Victor Stinner wrote:
> Hi,
>
> Le 03/03/2012 20:13, Armin Rigo a écrit :
>
I challenge anymore to break pysandbox! I would be happy if anyone
breaks it because it would make it more stronger.
>>
>>
>> I tried to run the files from Lib/test/crashers and --
Hi,
Le 03/03/2012 20:13, Armin Rigo a écrit :
I challenge anymore to break pysandbox! I would be happy if anyone
breaks it because it would make it more stronger.
I tried to run the files from Lib/test/crashers and --- kind of
obviously --- I found at least two of them that still segfaults
exe
Hi Victor,
On Thu, Mar 1, 2012 at 22:59, Victor Stinner wrote:
>> I challenge anymore to break pysandbox! I would be happy if anyone
>> breaks it because it would make it more stronger.
I tried to run the files from Lib/test/crashers and --- kind of
obviously --- I found at least two of them tha
> I challenge anymore to break pysandbox! I would be happy if anyone
> breaks it because it would make it more stronger.
Hum, I should give some rules for such contest:
- the C module (_sandbox) must be used
- you have to get access to a object outside the sandbox, like a real
module, or get acce
Hi,
The frozendict discussion switched somewhere to sandboxing, and so I
prefer to start a new thread.
There are various ways to implement a sandbox, but I would like to
expose here how I implemented pysandbox to have your opinion.
pysandbox is written to execute quickly a short untrusted functio
36 matches
Mail list logo