From: Victor Stinner on 28 Feb 2010 11:43

On Saturday 27 February 2010 18:37:22, Daniel Fetchinson wrote:
> It's google's hosting solution called app engine, for python web
> applications: http://code.google.com/appengine/docs/python/gettingstarted/
>
> I guess they also have some kind of a sandbox if they let people run
> python on their machines, I'm not sure if it's open source though.

Yes, Google AppEngine has its Python sandbox and the source code is available online. I don't know the license. I found 7 vulnerabilities in 1 hour :-) I contacted Google's security team.

To answer your question "How is [AppEngine] different from your project?":

* pysandbox has an import whitelist, whereas AppEngine has an import blacklist (subprocess, socket, ... builtin modules are replaced by safe versions). Importing a Python module written in C is forbidden.
* Importing a module in AppEngine imports all symbols, whereas pysandbox also uses a symbol whitelist.
* AppEngine doesn't have proxies, all objects are modifiable (eg. sys.path)

There are other differences, but I prefer to wait for the answer from Google before telling you more :)

AppEngine sandbox and pysandbox projects are very close: most protections are based on blacklists, whereas RestrictedPython is only based on whitelists.

-- 
Victor Stinner
http://www.haypocalc.com/
From: Aahz on 28 Feb 2010 12:55

In article <mailman.330.1267292249.4577.python-list(a)python.org>,
Daniel Fetchinson <fetchinson(a)googlemail.com> wrote:
>
> I guess they also have some kind of a sandbox if they let people run
> python on their machines, I'm not sure if it's open source though.

Thing is, I'm sure that Google uses a critical backstop to any Python-based sandbox: something like a chroot jail. The Python sandbox is mostly there to inform you about what you can and can't do; the real security is provided by the OS.

-- 
Aahz (aahz(a)pythoncraft.com) <*> http://www.pythoncraft.com/

"Many customs in this life persist because they ease friction and promote productivity as a result of universal agreement, and whether they are precisely the optimal choices is much less important." --Henry Spencer
From: Daniel Fetchinson on 28 Feb 2010 17:40

> > I guess they also have some kind of a sandbox if they let people run
> > python on their machines, I'm not sure if it's open source though.
>
> Thing is, I'm sure that Google uses a critical backstop to any
> Python-based sandbox: something like a chroot jail. The Python sandbox
> is mostly there to inform you about what you can and can't do; the real
> security is provided by the OS.

I see, makes perfect sense. This then raises the question whether it's important to have a 100% foolproof python sandbox without help from the OS, or this goal is not only too ambitious but also not really a useful one. One aspect might be that one might want to have a platform independent way of sandboxing, perhaps.

Cheers,
Daniel

-- 
Psss, psss, put it down! - http://www.cafepress.com/putitdown
From: Victor Stinner on 2 Mar 2010 21:37

On Sunday 28 February 2010 23:40:59, Daniel Fetchinson wrote:
> > > I guess they also have some kind of a sandbox if they let people run
> > > python on their machines, I'm not sure if it's open source though.
> >
> > Thing is, I'm sure that Google uses a critical backstop to any
> > Python-based sandbox: something like a chroot jail. The Python sandbox
> > is mostly there to inform you about what you can and can't do; the real
> > security is provided by the OS.
>
> I see, makes perfect sense. This then raises the question whether it's
> important to have a 100% foolproof python sandbox without help from
> the OS, or this goal is not only too ambitious but also not really a
> useful one.

This is just impossible :-) PHP tried that but it's too hard to write an exhaustive blacklist because too much code has to be modified. If you require a 100% foolproof sandbox, you have to use a sandbox between the Python process and the OS (and not inside the Python process).

> One aspect might be that one might want to have a platform
> independent way of sandboxing, perhaps.

The problem has to be split in two parts: protect access to OS resources (files, network, etc.) and protect access to Python objects (eg. create a read-only view of objects injected into the sandbox). An "OS sandbox" cannot protect objects inside the Python object. And pysandbox cannot protect all access to OS resources (but I try to do that :-)). pysandbox is a possible solution to the second problem: control Python object space.

-- 
Victor Stinner
http://www.haypocalc.com/
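The two in-process mechanisms Victor describes in this thread, an import whitelist with a per-module symbol whitelist (his first post) and read-only views around objects injected into the sandbox such as sys.path (this post), as an added Python example. This is not pysandbox's code and not AppEngine's; SandboxError, ReadOnlyProxy, ModuleView, restricted_import, run_sandboxed and denied are this example's own names, and FAKE_SYS is a constructed stand-in for the sys module with just a path list and an exit callable:

```python
# Added example of the two mechanisms described above; not pysandbox's or AppEngine's code.
import builtins
import importlib
from types import SimpleNamespace

class SandboxError(Exception):
    """Sandboxed code touched something outside the whitelist."""

# Module -> symbols the sandbox may see; anything else (every C module included) is denied.
IMPORT_WHITELIST = {"math": {"sqrt", "pi"}, "string": {"ascii_letters", "digits"}}
# Builtins exposed to the sandbox: no open/exec/eval/getattr/type; __import__ is replaced below.
SAFE_BUILTIN_NAMES = ("abs", "len", "min", "max", "sum", "sorted", "range",
                      "int", "float", "str", "bool", "list", "dict", "tuple")
# Immutable values may cross into the sandbox unwrapped.
_IMMUTABLE = (int, float, complex, bool, str, bytes, type(None), frozenset, range)

def _wrap(value):
    """Immutables pass through; everything else is handed out behind a read-only view."""
    if type(value) is ReadOnlyProxy or isinstance(value, _IMMUTABLE):
        return value
    return ReadOnlyProxy(value)

class ReadOnlyProxy:
    """Attribute/item reads and iteration only; writes and method calls are denied."""
    __slots__ = ("_obj",)

    def __init__(self, obj):
        object.__setattr__(self, "_obj", obj)

    def __getattribute__(self, name):
        if name.startswith("_"):               # hides __class__, __dict__, _obj, ...
            raise SandboxError(f"access to {name!r} denied")
        value = getattr(object.__getattribute__(self, "_obj"), name)
        if callable(value):                    # list.append, dict.update, sys.exit, ...
            raise SandboxError(f"calling {name!r} through a read-only view is denied")
        return _wrap(value)

    def __setattr__(self, name, value):
        raise SandboxError(f"cannot set {name!r}: read-only view")

    def __getitem__(self, key):
        return _wrap(object.__getattribute__(self, "_obj")[key])

    def __setitem__(self, key, value):
        raise SandboxError("item assignment denied: read-only view")

    def __iter__(self):
        return (_wrap(item) for item in object.__getattribute__(self, "_obj"))

class ModuleView:
    """What `import m` yields inside the sandbox: only the whitelisted symbols, frozen."""
    __slots__ = ("_name", "_symbols")

    def __init__(self, name, symbols):
        object.__setattr__(self, "_name", name)
        object.__setattr__(self, "_symbols", dict(symbols))

    def __getattribute__(self, attr):
        symbols = object.__getattribute__(self, "_symbols")
        if attr in symbols:
            return symbols[attr]
        raise SandboxError(f"{object.__getattribute__(self, '_name')}.{attr} is not whitelisted")

    def __setattr__(self, attr, value):
        raise SandboxError("module views are read-only")

def restricted_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Stands in for builtins.__import__: whitelist of modules and of their symbols."""
    if level != 0 or name not in IMPORT_WHITELIST:
        raise SandboxError(f"import of {name!r} denied")
    allowed = IMPORT_WHITELIST[name]
    for symbol in fromlist or ():             # covers `from m import x` and `import *`
        if symbol not in allowed:
            raise SandboxError(f"{name}.{symbol} is not whitelisted")
    real = importlib.import_module(name)
    return ModuleView(name, {s: getattr(real, s) for s in allowed})

def run_sandboxed(source, injected):
    """Run `source` with whitelisted builtins; `injected` objects become read-only views.
    Returns the sandbox namespace (builtins stripped) so the host can read results."""
    safe_builtins = {n: getattr(builtins, n) for n in SAFE_BUILTIN_NAMES}
    safe_builtins["__import__"] = restricted_import
    env = {"__builtins__": safe_builtins}
    env.update({k: _wrap(v) for k, v in injected.items()})
    exec(compile(source, "<sandbox>", "exec"), env)
    return {k: v for k, v in env.items() if k != "__builtins__"}

def denied(source, injected):
    """True if the sandbox rejects `source` with SandboxError; other errors propagate."""
    try:
        run_sandboxed(source, injected)
    except SandboxError:
        return True
    return False

# Constructed stand-in for the real sys module (assumed shape: only path and exit matter here).
FAKE_SYS = SimpleNamespace(path=["/srv/app", "/srv/lib"], exit=lambda code=0: None)
```

With this in place `run_sandboxed("import math\nr = math.sqrt(16)", {})["r"]` returns 4.0, while `import os`, `from math import floor`, `math.pi = 3`, `sys.path.append(...)`, `sys.path[0] = ...` and `sys.exit(1)` (with `{"sys": FAKE_SYS}` injected) all raise SandboxError, and FAKE_SYS.path is left untouched. The view controls which names sandboxed code can reach, which is the "Python object space" half of the split Victor describes; it is not a security boundary on its own. Any literal the sandboxed code creates itself (a tuple, a string) still exposes `__class__`, and a function handed through the module view still exposes `__self__` or `__globals__`, so the usual introspection walk back to unrestricted builtins remains available. That is exactly why the thread concludes that the OS-level sandbox has to be the real backstop.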
From: Victor Stinner on 2 Mar 2010 21:42
On Sunday 28 February 2010 17:43:07, Victor Stinner wrote:
> Yes, Google AppEngine has its Python sandbox and the source code is
> available online. I don't know the license. I found 7 vulnerabilities in 1
> hour :-) I contacted Google security team. (...) There are other
> differences, but I prefer to wait for the answer from
> Google before telling you more :)

Google answered me. I misunderstood the AppEngine sandbox. It's not a Python sandbox. The AppEngine sandbox is just a tool helping developers to test programs without the "real" (OS) sandbox. Their Python sandbox *emulates* the real sandbox, and so it's completely different from pysandbox.

-- 
Victor Stinner
http://www.haypocalc.com/