[prev in list] [next in list] [prev in thread] [next in thread]
List: pypy-dev
Subject: Re: [pypy-dev] sandboxed exec function with context passing?
From: Armin Rigo <arigo () tunes ! org>
Date: 2009-03-09 16:46:50
Message-ID: 20090309164650.GA5434 () code0 ! codespeak ! net
[Download RAW message or body]
Hi Jurgis,
On Sun, Mar 08, 2009 at 01:24:27AM +0200, Jurgis Pralgauskis wrote:
> I would like to use sandboxed pypy for online step by step tutorials...
> 1) I need ability to pass context then.
> 2) and also would be nice to get result as variable not just like output.
There is no way any security mechanism can allow arbitrary objects to be
passed in or out, as this would create a security hole. In our case, it
is an extreme version of this constrain. The subprocess is really a
different process, and you communicate with it using only the
(sandboxed) I/O functions. That means that you must encode everything
as I/O operations (and maybe build nicer abstractions to use on top of
that, but these would have to use the low-level I/O method of exchanging
information).
There is nothing like that built so far, but you can easily use e.g. the
marshal module: marshal the data outside, and send it to the sandboxed
process via a pseudo "file read", and then unmarshal it there. And the
same in the other direction with a "file write".
A bientot,
Armin.
_______________________________________________
pypy-dev@codespeak.net
http://codespeak.net/mailman/listinfo/pypy-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic