Add a sandbox in Distutils2 #52926
Comments
Add a sandbox in distutils2, so all installation steps can be recorded or controlled. Usage example: a dry-run mode that prevents anything from being written to the disk and just reports. See setuptools.sandbox for an example.
What kind of sandbox should that be? Best-effort, meaning it replaces some functions to provide the dry-run feature, or an iron-clad sandbox that blocks malicious code from breaking out?
I talked a bit about that with haypo. A strong sandbox would have to intercept a number of C and Python calls to catch everything. The sandbox module in setuptools/distribute does that in 250 lines. I’m not sure it catches C code run from extension modules being built, but we could test that with haypo’s pysandbox.
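A minimal sketch of the best-effort approach described in the comments above (replace some functions to get a dry run that only reports), added here as an illustration; it is not code from distutils2 or setuptools.sandbox, and the names `DryRun` and `PATCHED_OS_CALLS` are assumptions. Calls made from C extension code, or through references taken before patching, are not intercepted, which is why this is not an iron-clad sandbox.

```python
import builtins
import io
import os

# Hypothetical names for this sketch; the patched set is illustrative, not exhaustive.
PATCHED_OS_CALLS = ("mkdir", "makedirs", "remove", "unlink", "rmdir",
                    "rename", "replace", "chmod")
WRITE_FLAGS = set("wax+")


class DryRun:
    """Best-effort dry run: record filesystem writes instead of performing them."""

    def __init__(self):
        self.log = []      # (operation, args) tuples, in call order
        self._saved = {}   # original functions, restored on exit

    def _recorder(self, name):
        def fake(*args, **kwargs):
            self.log.append((name, args))
        return fake

    def _open(self, file, mode="r", *args, **kwargs):
        if WRITE_FLAGS & set(mode):
            self.log.append(("open", (file, mode)))
            # Return an in-memory sink so the calling code keeps working.
            return io.BytesIO() if "b" in mode else io.StringIO()
        return self._saved["open"](file, mode, *args, **kwargs)

    def __enter__(self):
        self._saved["open"] = builtins.open
        builtins.open = self._open
        for name in PATCHED_OS_CALLS:
            self._saved[name] = getattr(os, name)
            setattr(os, name, self._recorder(name))
        return self

    def __exit__(self, *exc):
        builtins.open = self._saved.pop("open")
        for name, original in self._saved.items():
            setattr(os, name, original)
        self._saved.clear()


if __name__ == "__main__":
    with DryRun() as dry:  # constructed sample "install" steps
        os.makedirs("build/lib/demo")
        open("build/lib/demo/__init__.py", "w").write("")
    print(dry.log)
```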
Hey, even if it's not perfect, it would be nice to at least see partial sandboxing in Python, rather than none at all. I'm working on an open source game project that uses Python, but recently the issue of security came up involving using Python scripts with malicious intent, or even just by accident, that may cause security issues with user-generated content. It would be great to be able to see even a built-in sandbox that just covers Python scripts, let alone calls to C/C++ code. Even if it's not perfect, some is better than none in my opinion.
We’re saying the same thing :) It all depends on the promise: If you’re making a best-effort sandbox, you’re trying to do the best you can, in cooperation with your users. For a game, I think you want an iron-clad sandbox that is totally error-proof. See https://pypi.python.org/pypi/pysandbox/1.0.3 for such a thing.
Cool, thanks for that link, that should really help. One quick question, however: do you or anyone else know if that will work under Python 3? We currently use 2, however it would be nice to be able to future-proof for moving to 3.
I think there is some py3 support in pysandbox, but I’m not sure, and this discussion is off-topic for this bug tracker. If you don’t find anything in the links on the pysandbox page, feel free to ask on the python-list mailing list.
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.