Permalink
Fetching contributors…
Cannot retrieve contributors at this time
79 lines (64 sloc) 3.32 KB
Version 1.6
-----------
FIXME: repair ClearImport() protection, or remove it
* SECURITY FIX: __builtins__ is now readonly when execute() is used.
It was only readonly when call() was used.
* Execute code in a subprocess using the Python subprocess module
or os.fork()
* Add --disable-subprocess command line option
* pysandbox is now able to catch crash in the Python process
* Reintroduce the timeout option (removed from pysandbox 1.5)
* Limit memory
* Block fork and thread
* stdin, stdout and stderr are redirected to /dev/null (or :NUL on Windows)
* Drop the "interpreter" configuration feature: move the code to interpreter.py
* Replace sys.path and other related variables
* Limit input and output sizes
Version 1.5 (2012-03-20)
------------------------
This version is much more functional: hashlib, itertools, math, random,
time, ... modules are supported. This is possible thanks to a more laxist
configuration: it's possible to allow "unsafe" module functions using
allowSafeModule() method of the SandoxConfig, the result of the function is
not proxified. This version improves also the support of CPython restricted
mode and is mostly compatible with Python 3.
* SECURITY FIX: Drop the timeout protection: it was not effective on CPU
intensive function implemented in C. The Python signal handler is not
called directly when the SIGALRM is received.
* SECURITY FIX: Deny unsafe configuration: the _sandbox module or the
CPython restricted mode is mandatory
* SECURITY FIX: Block access to type.__bases__ to protect against a crasher
in CPython. This fix is disabled on Python 2.5 to workaround a crash.
* The recursion limit is now configurable with a default of 50 frames
* Allow the compile() builtin by default
* Block access to function.func_defaults/__defaults__
* Add SandoxConfig.allowSafeModule(): similar to allowModule() but don't
proxify the attribute
* SandboxConfig doesn't import modules anymore to get their path.
* Add __dir__() special method to read object proxy and fake module
objects
* Add "codecs", "datetime", "encodings", "itertools", "math", "random"
and "time" features
* interpreter feature enables encodings feature to support non-ascii
unicode literals
* On Python 2.x, enable CPython restricted mode if the _sandbox module is
missing (_sandbox becomes optional on Python 2.x).
* Drop the "code" configuration feature: give access to frame.f_code and
generator.gi_code by default
* Run the test suite with and without the CPython restricted mode
Version 1.0.3 (2010-09-16)
--------------------------
* SECURITY FIX: Deny access to dict.__init__() to protect __builtins__.
Version 1.0.2 (2010-09-15)
--------------------------
* SECURITY FIX: Deny access to all dict methods able to modify a dict to
protect __builtins__: block clear, pop, popitem, setdefault and update
methods (__delitem__ and __setitem__ were already blocked).
Version 1.0.1 (2010-07-26)
--------------------------
* Fix Python 2.5 compatibility
* Fix Sandbox.execute(): don't create a new object for globals and locals
when the user pass its own dict, only proxify the keys and values
Version 1.0 (2010-06-29)
------------------------
* First public release