On Mon, Sep 8, 2008 at 4:42 AM, Bob Ippolito <[EMAIL PROTECTED]> wrote:
> On Sun, Sep 7, 2008 at 12:49 PM, Campbell Barton <[EMAIL PROTECTED]> wrote:
>> I'm still a bit at a loss as to where the blocking problem is...
>>
>> If I was to sandbox CPython for a pygame, here's what I'd try.
>>
>> - replace builtins like import, compile, exec, reload through the C
>> api (as with the blender3d example I posted earlier, scripters will
>> need to write scripts accounting for this perhaps in one py file to
>> start with.
>> - try to replace Python's memory allocator with one that can be
>> limited.. OR, patch python to limit the memory it can use. (web plugin
>> could statically link the patched python) OR use process some OS
>> control to limit memory management.
>>
>> What else would you need to do to sandbox python for a web plugin?
>
> Just give up and figure out how to compile Python to JavaScript or
> ActionScript or some other well tested VM designed for this kind of
> use case. Then you won't even need to get people to install a plug-in,
> because everyone already has JavaScript in their browser and almost
> everyone has Flash (except on iPhone).
>
> PyPy -> Flash VM sounded like a promising approach, and it provides
> everything that pygame does (and then some) on a technical level
> anyway, so it'd largely be an exercise in writing a wrapper library to
> expose a familiar API.
>
> -bob
>
Why give up?

- Blender3d uses this sandbox already and nobody has given me an example of how you'd use a malicious python script to work around replacing builtins from C. (remember import is replaced)

The memory problem is still there, but there are ways to use too much memory unrelated to python, so I'd consider that a separate topic since it would result in crashing the app, not stealing users' data or breaking their OS.

- Any Linux users could also note that Adobe's Flash plugin crashes quite frequently on many systems, so I would not compare hanging/memory errors with easily being able to run arbitrary python on someone's system.

I also have strong doubts about the use of pypy/actionscript in relation to pygame, which uses C/Python's API. You can't just take this and point it to actionscript, and keep accessing SDL functions in the same way. Flash doesn't do blitting as far as I know, or allow OpenGL access. - that's another discussion though.

People worried about security need to remember too that pygame and blender are not enterprise class applications that run on a server with 1000's of people executing scripts on them. Security issues can't be ignored, but the requirements are not as high.
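
The thread mentions limiting memory through an OS-level control rather than by patching the interpreter. The following is an added example, not part of the original messages and not Blender's or pygame's code: it runs a script in a child interpreter under a kernel-enforced `RLIMIT_AS` cap. It assumes a Unix-like system where `RLIMIT_AS` is enforced (Linux); `run_limited`, `effective_cap` and the two sample scripts are names constructed for this illustration.

```python
import resource
import subprocess
import sys

# Constructed stand-ins for an untrusted script (not from the thread).
HUNGRY_SCRIPT = "data = bytearray(1024 ** 3)\nprint('allocated')\n"   # 1 GiB
MODEST_SCRIPT = "data = bytearray(1024 ** 2)\nprint('allocated')\n"   # 1 MiB


def effective_cap(max_bytes):
    """Clamp the requested cap to the hard limit we already run under."""
    _, hard = resource.getrlimit(resource.RLIMIT_AS)
    if hard != resource.RLIM_INFINITY:
        return min(max_bytes, hard)
    return max_bytes


def run_limited(script, max_bytes=512 * 1024 ** 2, timeout=30):
    """Run `script` in a child interpreter with a capped address space.

    Returns (exit_code, stdout, stderr). The kernel enforces the cap, so it
    also covers memory allocated by C extensions, not only by Python objects.
    """
    cap = effective_cap(max_bytes)

    def apply_limit():
        # Runs in the child after fork() and before exec().
        resource.setrlimit(resource.RLIMIT_AS, (cap, cap))

    proc = subprocess.run(
        [sys.executable, "-I", "-c", script],  # -I: isolated mode
        preexec_fn=apply_limit,
        capture_output=True,
        text=True,
        timeout=timeout,
    )
    return proc.returncode, proc.stdout, proc.stderr


if __name__ == "__main__":
    for name, script in (("hungry", HUNGRY_SCRIPT), ("modest", MODEST_SCRIPT)):
        code, out, err = run_limited(script)
        last = err.strip().splitlines()[-1] if err.strip() else out.strip()
        print(f"{name}: exit={code} {last}")
```

The limit is per process, so it fits a design where scripts run in a separate helper process; it bounds memory only and does nothing about which builtins or modules the script can reach.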