Nick Coghlan <[EMAIL PROTECTED]> wrote:
> > If you _can_ execute (whatever) in a separate process, then an approach
> > based on BSD's "jail" or equivalent features of other OS's may be able
> > to give you all you need, without needing other restrictions to be coded
> > in the interpreter (or whatever else you run in that process).
> I think that's where these discussion have historically ended. . . making a
> Python-specific sandbox gets complicated enough that it ends up making more
> sense to just use an OS-based sandbox that lets you execute arbitrary binaries
> relatively safely.
> The last suggestion I recall along these lines was chroot() plus a monitoring
> daemon that killed the relevant subprocess if it started consuming too much
> memory or looked like it had got stuck in an infinite loop.

"Yes, but" -- that ``if'' at the start of this quote paragraph of mine
is, I believe, a meaningful qualification.  It is not obvious to me that
all applications and platforms can usefully execute untrusted Python
code in a separate jail'd process; so, I think there would still be use
cases for an in-process sandbox, although it's surely true that making
one would not be trivial.


Reply via email to