Your search query "linkto%3A%22Asking for Help%2FHow can I run an untrusted Python script safely (i.e. Sandbox)%22" didn't return any results. Please change some terms and refer to HelpOnSearching for more information.
(!) Consider performing a full-text search with your search terms.

Clear message

How can I run an untrusted Python script safely (i.e. Sandbox)

See also: Security, SandboxedPython.

I've noticed that some people mention a Python style sandbox, but nothing concrete. Here's my problem:

I would like to be able to distribue a Python script to be run on computers that may not trust me (I.E. for use as a Folding@Home kind of distributed application.)

However, I would like my Python script to run in a secured sandbox that would not allow that script (by malice or accident) to damage that person's computer.

Also, I would like to be able to call compiled programs to do work (distribute a compiled C++ module to use hard hard hard calculations as a program, then pass the program parameters to do the work, then retrieve the values from standard out, etc); but again, the compiled programs would be "untrustworthy" and would need to be sandboxed somehow.

And thoughts that could help along with this would be great! Thanks.

Some ideas about sandboxing Python

Here are some ideas that you might consider; note that not all of them will be appropriate for some kinds of environments or systems:

Unfortunately, CPython's restricted execution capabilities (rexec, Bastion) were deprecated after it was discovered that improved introspection capabilities had rendered their mechanisms ineffective. By using an alternative runtime (ie. Jython) or operating system features (eg. chroot jails), you may actually be utilising a better solution, however. -- PaulBoddie

In addition to the above, added anonymously, you might want to inspect jailtools to see whether it provides some useful ideas for chroot jail construction. Note that I do not make any guarantees about security for jailtools. -- PaulBoddie

I suggest using Pynbox, Python in a NativeClient (NaCl) sandbox. NaCl is the best project I know of to run native code in a sandbox, which is what the question is asking for. We created Pynbox to make it easy to install and run Python under NaCl, including ability to use native modules. Building new native modules is more involved, but there are instructions and an example. -- DmitryS 2017-06-06

CategoryAskingForHelp CategoryAskingForHelpAnswered

Unable to edit the page? See the FrontPage for instructions.