[Bf-committers] "Security" gets in the way
Benjamin Tolputt
btolputt at internode.on.net
Sat May 1 08:23:25 CEST 2010
Tom M wrote:
> there is already a sandbox version of pypy.
>
> http://codespeak.net/pypy/dist/pypy/doc/sandbox.html
>
The sandbox described in that page is not exactly what he is talking
about. That is a Python-wide sandbox that shunts all sensitive
functionality (file access, sockets, OS operations, etc) to an external
EXE file that then handles them.
What I think Jason is talking about is building a subset of Python using
PyPy that simply does not provide access to these modules AT ALL. This
would be an ideal solution if it can be implemented in a reasonably
maintainable manner.
More information about the Bf-committers
mailing list