How can I run an untrusted Python script safely (i.e. Sandbox)

See also: Security, SandboxedPython.

I've noticed that some people mention a Python style sandbox, but nothing concrete. Here's my problem:

I would like to be able to distribue a Python script to be run on computers that may not trust me (I.E. for use as a Folding@Home kind of distributed application.)

However, I would like my Python script to run in a secured sandbox that would not allow that script (by malice or accident) to damage that person's computer.

Also, I would like to be able to call compiled programs to do work (distribute a compiled C++ module to use hard hard hard calculations as a program, then pass the program parameters to do the work, then retrieve the values from standard out, etc); but again, the compiled programs would be "untrustworthy" and would need to be sandboxed somehow.

And thoughts that could help along with this would be great! Thanks.

Some ideas about sandboxing Python

Here are some ideas that you might consider; note that not all of them will be appropriate for some kinds of environments or systems:

Unfortunately, CPython's restricted execution capabilities (rexec, Bastion) were deprecated after it was discovered that improved introspection capabilities had rendered their mechanisms ineffective. By using an alternative runtime (ie. Jython) or operating system features (eg. chroot jails), you may actually be utilising a better solution, however. -- PaulBoddie

In addition to the above, added anonymously, you might want to inspect jailtools to see whether it provides some useful ideas for chroot jail construction. Note that I do not make any guarantees about security for jailtools. -- PaulBoddie

CategoryAskingForHelp CategoryAskingForHelpAnswered

Asking for Help/How can I run an untrusted Python script safely (i.e. Sandbox) (last edited 2011-03-26 23:20:19 by PaulBoddie)

Unable to edit the page? See the FrontPage for instructions.