
Mailing List Archive: Python: Announce

pysandbox 1.5 released

 

 



victor.stinner at gmail

Mar 20, 2012, 5:32 AM


pysandbox is a Python sandbox. By default, untrusted code executed in
the sandbox cannot modify the environment (write a file, use print or
import a module). But you can configure the sandbox to choose exactly
which features are allowed or not, e.g. import sys module and read
/etc/issue file.

http://pypi.python.org/pypi/pysandbox
https://github.com/haypo/pysandbox/

Main changes since pysandbox 1.0.3:

- More modules and functions are allowed: math, random and time
modules, and the compile() builtin function for example
- Drop the timeout feature: it was not effective on CPU intensive
functions implemented in C
- (Read the ChangeLog to see all changes.)

pysandbox has known limitations:

- it is unable to limit memory or CPU
- it does not protect against bugs (e.g. crash) or vulnerabilities in CPython
- dict methods able to modify a dict (e.g. dict.update) are disabled
to protect the sandbox namespace, but dict[key]=value is still
accepted

It is recommended to run untrusted code in a subprocess to work around
these limitations. pysandbox doesn't provide a helper yet.

pysandbox is used by an IRC bot (fschfsch) to evaluate a Python
expression. The bot uses fork() and setrlimit() to limit memory and to
implement a timeout.

https://github.com/haypo/pysandbox/wiki/fschfsch

--

The limitation on dict methods is required to deny the modification of
the __builtins__ dictionary. I proposed the PEP 416 (frozendict) but
Guido van Rossum is going to reject it. I don't see how to fix this
limitation without modifying CPython.

http://www.python.org/dev/peps/pep-0416/

Victor
--
http://mail.python.org/mailman/listinfo/python-announce-list

Support the Python Software Foundation:
http://www.python.org/psf/donations/
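
The fork() and setrlimit() arrangement the message describes for the fschfsch bot, sketched as an added example (it is not pysandbox or fschfsch code). `run_limited` and its parameters are hypothetical names, `func` stands for whatever call evaluates the untrusted code inside the sandbox, and Linux rlimit semantics are assumed.

```python
import os
import resource
import signal


def _cap(res, value):
    """Lower soft and hard limit together so the child cannot raise them."""
    hard = resource.getrlimit(res)[1]
    if hard != resource.RLIM_INFINITY:
        value = min(value, hard)
    resource.setrlimit(res, (value, value))


def run_limited(func, cpu_seconds=2, mem_bytes=1 << 30, max_output=4096):
    """Run func() in a forked child under CPU and address-space limits.

    Returns (status, text) where status is "ok", "error" or "killed".
    RLIMIT_CPU counts CPU time, not wall-clock time.
    """
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: apply limits, run, report, never return
        code = 1
        try:
            os.close(rfd)
            _cap(resource.RLIMIT_CPU, cpu_seconds)
            _cap(resource.RLIMIT_AS, mem_bytes)
            try:
                text, code = repr(func()), 0
            except BaseException as exc:
                text = type(exc).__name__
            # Send bounded text only: the parent must not unpickle
            # objects produced by an untrusted child.
            os.write(wfd, text.encode("utf-8", "replace")[:max_output])
        finally:
            os._exit(code)  # skip the parent's atexit/cleanup handlers
    os.close(wfd)
    with os.fdopen(rfd, "rb") as pipe:
        data = pipe.read(max_output + 1)[:max_output]
    _, status = os.waitpid(pid, 0)
    if os.WIFSIGNALED(status):  # the kernel enforced a limit
        return "killed", signal.Signals(os.WTERMSIG(status)).name
    text = data.decode("utf-8", "replace")
    return ("ok" if os.WEXITSTATUS(status) == 0 else "error"), text
```

Because the kernel enforces the CPU limit, a loop running entirely inside C code is still terminated, which is the case the message says the dropped in-process timeout could not handle.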
