On 11/12/2013 4:11 PM, Steven D'Aprano wrote:
> On Wed, Nov 13, 2013 at 12:58:42AM +0100, Victor Stinner wrote:
>
>> I now gave up on sandboxing Python. I just would like to warn other
>> core developers that trying to put a sandbox in Python is not a good
>> idea:-)
> Do you mean CPython?
>
> Do you think it would be productive to create an independent Python
> compiler, designed with sandboxing in mind from the beginning?

In reading this thread, which I took as an on-topic dismissal of an integrated CPython sandbox, I also wondered if it was a CPython implementation issue, or a language design issue.

If it is an implementation issue, then perhaps a different implementation would help. Or perhaps a "safe compiler".

If it is a language design issue, then a different implementation wouldn't help; it would require a new language, or a restricted subset. I'm not sure whether some of the onerous-sounding restrictions result from language or implementation issues; some of them certainly sounded like implementation issues.

A restricted subset, compiled by a validating compiler, might still be a useful language, even if the execution speed has to be reduced by a validating runtime.

Perhaps exception handling for exceptions hit inside a sandbox needs to stop at the sandbox boundary. That is, exceptions within the sandbox stay within the sandbox, and exceptions generated due to sandbox calls to the implementation need to stay outside the sandbox, with sanitized and limited information then passed back into the sandbox.

Perhaps a different/restricted set of builtins must be provided within the sandbox.

These ideas may perhaps still allow a CPython sandbox to be written, or may only help a new implementation.

Is there technology in the smartphone OSes that could be applied? iOS seems to not even provide a file system to its apps, and there is limited sharing of data from one app to the next. Android provides an explicit subset of system services to its apps.

Thanks, Victor, for the update on your sandbox efforts. I was hoping you would be successful, and then I was wondering if you had abandoned the effort, and now I know what the current status is.
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
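
The exception-boundary idea in the message above, sketched for the case where a host service fails while being called from sandboxed code. This is an added example, not part of the original message or of any CPython sandbox; `boundary`, `SandboxError`, `REPORTABLE` and `read_config` are hypothetical names, and the wrapper only limits what the exception object carries rather than isolating the interpreter.

```python
# Added illustration; every name and path here is hypothetical or constructed.
host_log = []  # full failure details stay on the host side


class SandboxError(Exception):
    """The only exception type a host call may raise into sandboxed code."""


# Failure kinds the sandbox is allowed to learn about (assumed policy).
REPORTABLE = {"FileNotFoundError": "not found", "PermissionError": "denied"}


def boundary(host_func):
    """Wrap a host service so its own exceptions never reach the caller."""
    def call(*args, **kwargs):
        try:
            return host_func(*args, **kwargs)
        except Exception as exc:
            # Record the real message for the operator, outside the sandbox.
            host_log.append((host_func.__name__, str(exc)))
            # Keep one plain string; the exception object itself is dropped.
            reason = REPORTABLE.get(type(exc).__name__, "failed")
        # Raised after the except block has ended: inside it, even
        # `raise ... from None` leaves the original exception reachable
        # through __context__ (only its display is suppressed).
        raise SandboxError(f"{host_func.__name__}: {reason}")
    return call


@boundary
def read_config(name):
    # Constructed host service; the directory is a made-up value.
    with open(f"/nonexistent-host-dir/secret-layout/{name}") as fh:
        return fh.read()


def sandboxed_caller():
    """Stands in for untrusted code; returns the exception it observed."""
    try:
        read_config("app.ini")
    except SandboxError as err:
        return err
```
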