Differences between revisions 3 and 4
Revision 3 as of 2008-12-05 14:56:13
Size: 1157
Editor: hachoir
Comment:
Revision 4 as of 2008-12-05 14:58:47
Size: 1281
Editor: hachoir
Comment:

== Sandboxing ==

See PyPy project: [http://codespeak.net/pypy/dist/pypy/doc/sandbox.html PyPy's sandboxing features].

Notes about Python Security.

Taint mode

Nicole King (cats-muvva.net) wrote a taint mode for CPython 3.0: http://www.cats-muvva.net/software/

Problems:

  • amaury: The patch is indeed huge!

  • fijall: it seems that every function that returns a PyObject must be modified

  • fijall: need to patch (...) all places that might modify anything. (All side effects)

=> ncoghlan: PyPy is still a *much* better platform for that kind of experimentation than CPython
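The problem raised in the comments above, that every function returning an object has to be modified, shows up even in a small pure-Python model. The following is an added example, not the CPython patch or code from this wiki; `NaiveTainted`, `Tainted`, `is_tainted` and `leaks` are hypothetical names. It marks untrusted strings with a `str` subclass and reports which operations drop the mark.

```python
# Added illustration in pure Python; not Nicole King's CPython patch.
# All class and function names here are hypothetical.

class NaiveTainted(str):
    """Marks untrusted data by type only; overrides no str method."""


class Tainted(str):
    """Marks untrusted data and re-marks the results of wrapped str methods."""


def _retaint(result):
    # Re-mark str results, including those nested in lists and tuples
    # (split() returns a list, partition() a tuple).
    if isinstance(result, str):
        return Tainted(result)
    if isinstance(result, (list, tuple)):
        return type(result)(_retaint(item) for item in result)
    return result


def _wrap(name):
    original = getattr(str, name)

    def method(self, *args, **kwargs):
        return _retaint(original(self, *args, **kwargs))

    method.__name__ = name
    return method


# Every value-returning method must be listed by hand; anything left out
# silently returns an unmarked str.
WRAPPED = ("__add__", "__getitem__", "upper", "lower", "strip",
           "replace", "split", "partition")
for _name in WRAPPED:
    setattr(Tainted, _name, _wrap(_name))


def is_tainted(value):
    return isinstance(value, (Tainted, NaiveTainted))


def leaks(user_input):
    """Return the operations whose result lost the mark for this input."""
    t = Tainted(user_input)
    results = {
        "upper": t.upper(),
        "split": t.split(",")[0],
        "slice": t[:3],
        "concat": t + "!",
        "join": ",".join([t, "x"]),       # runs in the receiver's code
        "f-string": f"value={t}",         # formatting builds a new str
    }
    return sorted(op for op, value in results.items() if not is_tainted(value))
```

The wrapped methods keep the mark, while `join` and f-string formatting still return a plain `str` because the new object is built by code outside the subclass.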

See also the presentation: [http://us.pycon.org/common/talkdata/PyCon2007/062/PyCon_2007.pdf Securing Python: Controlling the abilities of the interpreter], PyCon US 2007, Brett Cannon and Eric Wohlstadter

Python Security Response Team

Some members:

  • Brett Cannon

Email: security AT python.org

Controlling Access to Resources Within The Python Interpreter

Sandboxing

See PyPy project: [http://codespeak.net/pypy/dist/pypy/doc/sandbox.html PyPy's sandboxing features].

Security (last edited 2009-09-14 09:54:15 by PaulBoddie)
