➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2010-05-10 22:15 by tarek, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Messages (7) | |||
|---|---|---|---|
| msg105471 - (view) | Author: Tarek Ziadé (tarek) *  |
Date: 2010-05-10 22:15 | |
Add a sandbox in distutils2, so all installation steps can be recorded or controlled. Usage example: a dry-run mode that prevents anything to be written on the disk but just reports. See setuptools.sandbox for example |
|||
| msg105749 - (view) | Author: Éric Araujo (eric.araujo) * |
Date: 2010-05-14 19:43 | |
What kind of sandbox should that be? Best-effort, meaning it replaces some functions to provide the dry-run feature, or an iron-clad sandbox that blocks malicious code from breaking out? |
|||
| msg115783 - (view) | Author: Éric Araujo (eric.araujo) * |
Date: 2010-09-07 15:52 | |
I talked a bit about that with haypo. A strong sandbox would have to intercept a number of C and Python calls to catch everything. The sandbox module in setuptools/distribute does that in 250 lines. I’m not sure it catches C code run from extension modules being built, but we could test that with haypo’s pysandbox. |
|||
| msg120622 - (view) | Author: th3flyboy (th3flyboy) | Date: 2010-11-06 15:14 | |
Hey, even if it's not perfect, it would be nice to at least see partial sand boxing in Python, rather than none at all. I'm working on an open source game project that uses Python, but recently the issue of security came up involving using python scripts with malicious intent or even just on accident that may cause security issues with user generated content. It would be great to be able to see even a built in sandbox that just covers python scripts, let alone calls to C/C++ code. Even if it's not perfect, some is better than none in my opinion. |
|||
| msg120623 - (view) | Author: Éric Araujo (eric.araujo) * |
Date: 2010-11-06 15:18 | |
We’re saying the same thing :) It all depends on the promise: If you’re making a best-effort sandbox, you’re trying to do the best you can, in cooperation with your users. For a game, I think you want an iron-clad sandbox that is totally error-proof. See https://pypi.python.org/pypi/pysandbox/1.0.3 for such a thing. |
|||
| msg120624 - (view) | Author: th3flyboy (th3flyboy) | Date: 2010-11-06 15:21 | |
Cool, thanks for that link, that should really help. One quick question however, do you or anyone else know if that will work under Python 3, we currently use 2, however it would be nice to be able to future proof for moving to 3. |
|||
| msg120627 - (view) | Author: Éric Araujo (eric.araujo) * |
Date: 2010-11-06 15:33 | |
I think there is some py3 support in pysandbox, but I’m not sure, and this discussion is off-topic for this bug tracker. If you don’t find anything in the links on the pysandbox page, feel free to ask on the python-list mailing list. |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:57:00 | admin | set | github: 52926 |
| 2014-03-13 10:44:33 | eric.araujo | set | status: open -> closed resolution: out of date stage: resolved |
| 2010-11-06 15:33:11 | eric.araujo | set | messages: + msg120627 |
| 2010-11-06 15:21:39 | th3flyboy | set | messages: + msg120624 |
| 2010-11-06 15:18:13 | eric.araujo | set | messages: + msg120623 |
| 2010-11-06 15:14:36 | th3flyboy | set | nosy:
+ th3flyboy messages: + msg120622 |
| 2010-09-29 23:41:52 | eric.araujo | set | versions: + 3rd party, - Python 2.6, Python 2.5, Python 3.1, Python 2.7, Python 3.2 |
| 2010-09-07 15:52:19 | eric.araujo | set | nosy:
+ vstinner messages: + msg115783 |
| 2010-05-14 19:43:51 | eric.araujo | set | nosy:
+ eric.araujo messages: + msg105749 versions: + Python 2.6, Python 2.5, Python 3.1, Python 2.7, Python 3.2 |
| 2010-05-12 00:04:16 | meatballhat | set | nosy:
+ meatballhat |
| 2010-05-10 22:15:46 | tarek | create | |