On Sun, 19 Aug 2007 12:33:09 +0200 Armin Rigo <[EMAIL PROTECTED]> wrote:
> > Hi all, > > Those that follow IRC already know it, but it's worth being announced a > bit more widely: I've been working on a form of sandboxing for RPython > programs, which now seems to work for the whole of PyPy. > > It's "sandboxing" as in "full virtualization", but done in normal C with > no OS support at all. It's a two-processes model: we can translate PyPy > to a special "pypy-c-sandbox" executable, which is safe in the sense > that it doesn't do any library or system call - instead, whenever it > would like to perform such an operation, it marshals the operation name > and the arguments to its stdout and it waits for the marshalled result > on its stdin. This pypy-c-sandbox process is meant to be run by an > outer "controller" program that answers to these operation requests. How is this different to just linking against a libc wrapper (that does whatever marshal magic is required) ? Simon. _______________________________________________ [email protected] http://codespeak.net/mailman/listinfo/pypy-dev
