On Sat, Nov 21, 2015 at 1:35 PM, Matthew Keeter <matt.j.kee...@gmail.com> wrote:
> I’m currently embedding Python in a C / C++ application that evaluates
> user-provided scripts.
>
> Obviously, this is terribly unsafe: user-provided scripts can execute
> arbitrary malicious actions, and there’s no good way to sandbox Python in a
> desktop context.
>
> If I were to replace Python with Guile, is there a way to sandbox it so that
> arbitrary (perhaps malicious) user-provided scripts can be run safely?
I recommend using the features of the underlying operating system to provide
the sandbox. In Linux, one can create new user/pid/network/mount/etc.
namespaces (in other words, a "container") that isolate a process (or
processes) from the rest of the system. Additionally, you should run the
program as an unprivileged user inside of a chroot.

- Dave
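An added example, not from this thread, of the launcher shape Dave describes on Linux: detach the script runner into fresh namespaces, chroot it, then drop to an unprivileged uid/gid before exec'ing the interpreter. It assumes the launcher starts as root, that `root_dir` is a pre-populated directory holding the interpreter and the user script, and that the caller supplies the unprivileged `uid`/`gid`; `drop_privileges`, `run_sandboxed` and `SANDBOX_NS` are names chosen here. The unprivileged-launcher variant (CLONE_NEWUSER plus writing uid_map/gid_map) is deliberately not shown.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <linux/sched.h>   /* CLONE_NEW* constants, independent of feature macros */
#include <sched.h>
#include <sys/wait.h>
#include <unistd.h>
int unshare(int flags);    /* prototype repeated in case _GNU_SOURCE was set too late */

/* Namespaces to detach from the host: no host PIDs, no network, private
 * mount/IPC/UTS views. Creating them needs CAP_SYS_ADMIN, i.e. a root launcher. */
#define SANDBOX_NS (CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWNS | CLONE_NEWIPC | CLONE_NEWUTS)

/* Drop to an unprivileged identity and verify the drop is irreversible.
 * Returns 0 on success, -1 on any failure (errno left set by the failing call). */
int drop_privileges(uid_t uid, gid_t gid) {
    if (uid == 0 || gid == 0) { errno = EINVAL; return -1; }  /* never "drop" to root */
    if (geteuid() == 0 && setgroups(0, NULL) != 0) return -1; /* shed supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;      /* gid first: after setuid, setgid is refused */
    if (setuid(0) == 0) { errno = EPERM; return -1; }         /* regaining root must fail */
    return 0;
}

/* Run argv (e.g. guile on the user script) confined to root_dir as uid:gid.
 * Returns the child's exit status, 126 if confinement failed, 127 if exec
 * failed, or -1 if the launcher itself could not set up the namespaces. */
int run_sandboxed(const char *root_dir, uid_t uid, gid_t gid, char *const argv[]) {
    if (geteuid() != 0) { errno = EPERM; return -1; }  /* root-launcher shape only (see lead-in) */
    if (unshare(SANDBOX_NS) != 0) return -1;
    pid_t pid = fork();                                /* CLONE_NEWPID takes effect for children only */
    if (pid < 0) return -1;
    if (pid == 0) {
        /* chroot before dropping uid (needs CAP_SYS_CHROOT); chdir("/") so the
         * working directory cannot linger outside the new root. */
        if (chroot(root_dir) != 0 || chdir("/") != 0) _exit(126);
        if (drop_privileges(uid, gid) != 0) _exit(126);
        execv(argv[0], argv);                          /* argv[0] is a path inside root_dir */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

The chroot is only a boundary if root_dir holds nothing but the interpreter and the script; a writable directory or a leaked file descriptor to the host filesystem undoes it, and the new mount namespace is what keeps host mounts from appearing inside.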