In a message of Sun, 31 May 2015 09:52:29 +1000, "Steven D'Aprano" writes:
>How many PyPy sandboxes are being used with hostile users motivated to break
>out of the sandbox?
>
>"I wrote a sandbox which I can't break out of" is different from "I wrote a
>sandbox which nobody can break out of". Javas
davidf...@gmail.com writes:
> Thanks for the responses folks. I will briefly summarize them:...
I do think you should look at Geordi (the C++ IRC bot) that I linked.
It seems to have changed its implementation to use Docker, but either
way, lots of the stuff it did was language independent.
--
While this thread is indeed a theoretical discussion of the interpreter,
for a practical solution where you control the host environment, one might
look into OS level sandboxing like FreeBSD's Jails (not to be confused with
a simple chroot environment) along with various resource limiting
parameter
On Sat, 30 May 2015 09:24 pm, Laura Creighton wrote:
> In a message of Sat, 30 May 2015 19:00:14 +1000, "Steven D'Aprano" writes:
>>I wouldn't have imagined that the claim "it's easier to secure a small
>>language with a few features than a big language with lots of features"
>>would have been so
Chris Angelico writes:
> Turing completeness isn't the whole story. How do you go about
> sandboxing a Brainf* implementation such that it can be used to
> implement Python, but can't be used to read or arbitrary files from
> your file system?
We're talking about sandboxing, so preventing the san
On Sun, May 31, 2015 at 6:00 AM, Paul Rubin wrote:
> Steven D'Aprano writes:
>> I wouldn't have imagined that the claim "it's easier to secure a small
>> language with a few features than a big language with lots of features"
>> would have been so controversial.
>
> Consider that if the small lan
In a message of Sat, 30 May 2015 20:42:49 +0200, Stefan Behnel writes:
>So here the cost of security is actually rewriting the entire language
>runtime and potentially also major parts of its ecosystem? Not exactly a
>cheap price either.
>
>Stefan
Well, the runtime is mostly generated, you don't
Steven D'Aprano writes:
> I wouldn't have imagined that the claim "it's easier to secure a small
> language with a few features than a big language with lots of features"
> would have been so controversial.
Consider that if the small language is Turing-complete, you can use it
to implement the bi
Laura Creighton wrote on 30.05.2015 at 13:24:
> As a point of fact, we've _already got_ Topaz, a Ruby interpreter,
> Hippy, a PHP interpreter, a Prolog interpreter, a Smalltalk
> interpreter, and a javascript interpreter. Recently we got Pyket a
> Racket compiler. There also exist plenty of expe
On Sat, May 30, 2015 at 10:06 PM, BartC wrote:
> On 29/05/2015 23:49, Chris Angelico wrote:
>> That's 64-bit integers, not arbitrary-precision, but that's something
>> at least. You do still need to worry about what happens when your
>> numbers get too big; in Python, you simply don't. So it's sti
On 29/05/2015 23:49, Chris Angelico wrote:
> On Sat, May 30, 2015 at 4:33 AM, Paul Rubin wrote:
>> Chris Angelico writes:
>>> Looks to me as if Lua doesn't have integers at all
>> They fixed that in Lua 5.3:
>> http://www.lua.org/manual/5.3/readme.html#changes
> That's 64-bit integers, not arbitrary-p
In a message of Sat, 30 May 2015 19:00:14 +1000, "Steven D'Aprano" writes:
>I wouldn't have imagined that the claim "it's easier to secure a small
>language with a few features than a big language with lots of features"
>would have been so controversial. I wonder if this claim will be equally as
>c
On Sat, 30 May 2015 02:48 pm, Paul Rubin wrote:
> Chris Angelico writes:
>> You can *easily* sandbox something that has very little functionality
>> - all you have to do is provide a minimalist "language" that permits
>> only a very few actions, and you know it's safe. But that security
>> comes
Chris Angelico writes:
> You can *easily* sandbox something that has very little functionality
> - all you have to do is provide a minimalist "language" that permits
> only a very few actions, and you know it's safe. But that security
> comes at a price.
This is a non-sequitur. The reason they d
On Sat, May 30, 2015 at 11:28 AM, Paul Rubin wrote:
> Chris Angelico writes:
>> Do you see what I mean about functionality being sacrificed for
>> security?
>
> No I don't. Lua has less functionality because it was designed to have
> a small embedding footprint. Python is much bigger because it
Chris Angelico writes:
> Do you see what I mean about functionality being sacrificed for
> security?
No I don't. Lua has less functionality because it was designed to have
a small embedding footprint. Python is much bigger because it was
mostly designed to run as a standalone interpreter. Tha
On Sat, May 30, 2015 at 4:33 AM, Paul Rubin wrote:
> Chris Angelico writes:
>> Looks to me as if Lua doesn't have integers at all
>
> They fixed that in Lua 5.3:
>
> http://www.lua.org/manual/5.3/readme.html#changes
That's 64-bit integers, not arbitrary-precision, but that's something
at least
Marko Rauhamaa writes:
>> The language features are an orthogonal issue to embeddability.
> I doubt that. Guile is designed for embedding but it is a full-fledged
> Scheme implementation.
Orthogonal means independent, not opposing.
> I have very little experience with Lua. What surprises me is t
Paul Rubin :
> The language features are an orthogonal issue to embeddability.
I doubt that. Guile is designed for embedding but it is a full-fledged
Scheme implementation.
> Lua is easier to embed securely because its embedding interface was
> designed for that.
I have very little experience w
Chris Angelico writes:
>> It doesn't add much to your application to embed Lua
> Lua's a much weaker language than Python is, though. Can it handle
> arbitrary-precision integers? Unicode? Dare I even ask,
> arbitrary-precision rationals (fractions.Fraction)? Security comes at
> a price, I guess.
Chris Angelico writes:
> Looks to me as if Lua doesn't have integers at all
They fixed that in Lua 5.3:
http://www.lua.org/manual/5.3/readme.html#changes
> Likewise, eight-bit strings, not Unicode.
Also fixed in 5.3 (basic utf-8 support added, per above).
In a message of Fri, 29 May 2015 19:38:21 +1000, Chris Angelico writes:
>The point was to sandbox something inside Python. Otherwise, yes, just
>write it in Python. But if you do have to sandbox like this, you lose
>language-level Unicode support, language-level arbitrary precision
>integers, etcet
On Fri, May 29, 2015 at 7:23 PM, Stefan Behnel wrote:
> Chris Angelico wrote on 29.05.2015 at 09:41:
>> On Fri, May 29, 2015 at 4:18 PM, Stefan Behnel wrote:
>>>> Lua's a much weaker language than Python is, though. Can it handle
>>>> arbitrary-precision integers? Unicode? Dare I even ask,
Chris Angelico wrote on 29.05.2015 at 09:41:
> On Fri, May 29, 2015 at 4:18 PM, Stefan Behnel wrote:
>>> Lua's a much weaker language than Python is, though. Can it handle
>>> arbitrary-precision integers? Unicode? Dare I even ask,
>>> arbitrary-precision rationals (fractions.Fraction)?
>>
>> All
On Fri, May 29, 2015 at 4:18 PM, Stefan Behnel wrote:
>> Lua's a much weaker language than Python is, though. Can it handle
>> arbitrary-precision integers? Unicode? Dare I even ask,
>> arbitrary-precision rationals (fractions.Fraction)?
>
> All of those and way more, as long as you use it embedde
Chris Angelico wrote on 28.05.2015 at 20:51:
> On Fri, May 29, 2015 at 4:41 AM, Stefan Behnel wrote:
>> davidf...@gmail.com wrote on 26.05.2015 at 04:24:
>>> Has anyone on this list attempted to sandbox Python programs in a
>>> serious fashion? I'd be interested to hear your approach.
>>
>> Not
On Fri, May 29, 2015 at 4:41 AM, Stefan Behnel wrote:
> davidf...@gmail.com wrote on 26.05.2015 at 04:24:
>> Has anyone on this list attempted to sandbox Python programs in a
>> serious fashion? I'd be interested to hear your approach.
>
> Not quite sandboxing Python, but I've seen people use my
davidf...@gmail.com wrote on 26.05.2015 at 04:24:
> Has anyone on this list attempted to sandbox Python programs in a
> serious fashion? I'd be interested to hear your approach.
Not quite sandboxing Python, but I've seen people use my Lupa [1] library
for this. They're writing all their code in
Thanks for the responses folks. I will briefly summarize them:
> As you say, it is fundamentally not possible to make this work at
> the Python level.
This is pretty effectively demonstrated by "Tav's admirable but failed attempt
to sandbox file IO":
* http://tav.espians.com/a-challenge-to-break-
On Tuesday, May 26, 2015 at 4:24:32 AM UTC+2, davi...@gmail.com wrote:
> I am writing a web service that accepts Python programs as input, runs the
> provided program with some profiling hooks, and returns various information
> about the program's runtime behavior. To do this in a safe manner, I
On Monday, May 25, 2015 at 10:24:32 PM UTC-4, davi...@gmail.com wrote:
> I am writing a web service that accepts Python programs as input, runs the
> provided program with some profiling hooks, and returns various information
> about the program's runtime behavior. To do this in a safe manner, I
In a message of Tue, 26 May 2015 09:53:56 +0200, Laura Creighton writes:
>In a message of Tue, 26 May 2015 17:10:30 +1000, "Steven D'Aprano" writes:
>>My sense is that the only way to safely sandbox Python is to create your own
>>Python implementation designed with security in mind. You can't get
In a message of Tue, 26 May 2015 17:10:30 +1000, "Steven D'Aprano" writes:
>My sense is that the only way to safely sandbox Python is to create your own
>Python implementation designed with security in mind. You can't get there
>starting from CPython. Maybe Jython?
You get there starting with Py
On Tuesday 26 May 2015 12:24, davidf...@gmail.com wrote:
> I am writing a web service that accepts Python programs as input, runs the
> provided program with some profiling hooks, and returns various
> information about the program's runtime behavior. To do this in a safe
> manner, I need to be ab
davidf...@gmail.com writes:
> Has anyone on this list attempted to sandbox Python programs in a
> serious fashion? I'd be interested to hear your approach.
There is something like that for C++ and it is quite complicated:
https://github.com/Eelis/geordi
I expect that for Python you'd have to do
On Tue, May 26, 2015 at 12:24 PM, wrote:
> I believe it is not possible to limit such operations at the Python level.
> The best you could do is try replacing all the standard library modules, but
> that is again just a blacklist - it won't prevent a determined attacker from
> doing things lik
I am writing a web service that accepts Python programs as input, runs the
provided program with some profiling hooks, and returns various information
about the program's runtime behavior. To do this in a safe manner, I need to be
able to create a sandbox that restricts what the submitted Python