Add a sandbox in Distutils2

[tarekziade]

BPO	8680
Nosy	@vstinner, @tarekziade, @merwok

^{Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.}

Show more details

GitHub fields:

assignee = 'https://github.com/tarekziade'
closed_at = <Date 2014-03-13.10:44:33.169>
created_at = <Date 2010-05-10.22:15:46.891>
labels = ['type-feature']
title = 'Add a sandbox in Distutils2'
updated_at = <Date 2014-03-13.10:44:33.169>
user = 'https://github.com/tarekziade'

bugs.python.org fields:

activity = <Date 2014-03-13.10:44:33.169>
actor = 'eric.araujo'
assignee = 'tarek'
closed = True
closed_date = <Date 2014-03-13.10:44:33.169>
closer = 'eric.araujo'
components = ['Distutils2']
creation = <Date 2010-05-10.22:15:46.891>
creator = 'tarek'
dependencies = []
files = []
hgrepos = []
issue_num = 8680
keywords = []
message_count = 7.0
messages = ['105471', '105749', '115783', '120622', '120623', '120624', '120627']
nosy_count = 5.0
nosy_names = ['vstinner', 'tarek', 'eric.araujo', 'meatballhat', 'th3flyboy']
pr_nums = []
priority = 'normal'
resolution = 'out of date'
stage = 'resolved'
status = 'closed'
superseder = None
type = 'enhancement'
url = 'https://bugs.python.org/issue8680'
versions = ['3rd party']

[tarekziade]

Add a sandbox in distutils2, so all installation steps can be recorded or controlled.

Usage example: a dry-run mode that prevents anything to be written on the disk but just reports.

See setuptools.sandbox for example

[merwok]

What kind of sandbox should that be? Best-effort, meaning it replaces some functions to provide the dry-run feature, or an iron-clad sandbox that blocks malicious code from breaking out?

[merwok]

I talked a bit about that with haypo. A strong sandbox would have to intercept a number of C and Python calls to catch everything. The sandbox module in setuptools/distribute does that in 250 lines. I’m not sure it catches C code run from extension modules being built, but we could test that with haypo’s pysandbox.

[th3flyboy]

Hey, even if it's not perfect, it would be nice to at least see partial sand boxing in Python, rather than none at all. I'm working on an open source game project that uses Python, but recently the issue of security came up involving using python scripts with malicious intent or even just on accident that may cause security issues with user generated content. It would be great to be able to see even a built in sandbox that just covers python scripts, let alone calls to C/C++ code. Even if it's not perfect, some is better than none in my opinion.

[merwok]

We’re saying the same thing :) It all depends on the promise: If you’re making a best-effort sandbox, you’re trying to do the best you can, in cooperation with your users. For a game, I think you want an iron-clad sandbox that is totally error-proof. See https://pypi.python.org/pypi/pysandbox/1.0.3 for such a thing.

[th3flyboy]

Cool, thanks for that link, that should really help. One quick question however, do you or anyone else know if that will work under Python 3, we currently use 2, however it would be nice to be able to future proof for moving to 3.

[merwok]

I think there is some py3 support in pysandbox, but I’m not sure, and this discussion is off-topic for this bug tracker. If you don’t find anything in the links on the pysandbox page, feel free to ask on the python-list mailing list.