Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://mail.python.org/pipermail/python-dev/2010-September/103787.html below:

[Python-Dev] Some news from my sandbox project

• Previous message: [Python-Dev] [Catalog-sig] egg_info in PyPI
• Next message: [Python-Dev] Some news from my sandbox project
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I'm still developing irregulary my sandbox project since last june. pysandbox 
is a sandbox to execute untrusted Python code. It is able to execute unmodified 
Python code with a low overhead. I consider it as stable and secure.
http://github.com/haypo/pysandbox/

Today, the biggest problem is the creation of a read only view of the 
__builtins__ dictionary. I tried to create my own object with the dict API, 
but I got quickly a segfault. I realized that ceval.c is hardcoded to use 
PyDict functions on __builtins__ (LOAD_GLOBAL instruction). So I created a 
subclass of dict and replaced modify function (__setitem__, update, clear, 
...).

I would like to know if you will agree to modify ceval.c (and maybe some other 
functions) to support __builtins__ of another type than dict. I mean add a 
fast check (PyDict_CheckExact) on the type. If you agree, I can will an issue 
with a patch.

The two last vulnerabilities came from this problem: it was possible to use 
dict methods on __builtins__, eg. dict.update(__builtins__, {...}) and  
dict.__init__(__builtins__, {...}). Because of that, pysandbox removes all 
dict methods able to modify a dict. And so "d={...}; d.update(...)" raises an 
error (d has no update attribute) :-/

---

If you would like to test pysandbox, just join ##fschfsch channel of the 
Freenode IRC server and talk to fschfsch. It's an IRC bot using pysandbox to 
evaluate Python expressions. It is also on #python-fr and #python channels, 
but please use ##fschfsch for tests.
http://github.com/haypo/pysandbox/wiki/fschfsch

Or you can pysandbox on your computer. Download the last git version (github 
provides tarballs if you don't have git program), install it and run: python 
interpreter.py. You have to compile _sandbox, a C module required to modify 
some Python internals.

The last git version is compatible with Python 2.5, 2.6 and 2.7. It works on 
3.1 and 3.2 after a conversion with 2to3 and a small hack on sandbox/proxy.py: 
replace "elif isinstance(value, OBJECT_TYPES):" by "else:" (and remove the 
existing else statement). I'm not sure that this hack is safe, and so I didn't 
commited it yet.

-- 
Victor Stinner
http://www.haypocalc.com/

• Previous message: [Python-Dev] [Catalog-sig] egg_info in PyPI
• Next message: [Python-Dev] Some news from my sandbox project
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4