On Tue, Apr 12, 2016 at 11:03:11PM +1000, Chris Angelico wrote: > One of the key differences with scripts in web browsers is that there > *is* no "outer environment" to access.
If you think that then I think you considerably misunderstand how modern browsers work. > Remember what I said about the difference between Python-in-Python > sandboxing and, say, Lua-in-Python? One tiny exploit in > Python-in-Python and you suddenly gain access to the entire outer > environment, and it's game over. One tiny exploit in Lua-in-Python > and you have whatever that exploit gave you, nothing more. Are you imagining the Lua-in-Python as being completely isolated from the Python namespace then? > In fact, if you're prepared to forfeit almost all of Python's power to > achieve security, you probably should look into embedding a JavaScript > or Lua engine in your Python code. Yes, I have in fact already done this (JavaScript using SpiderMonkey). It allows the JavaScript to access Python objects and methods directly from JavaScript so it doesn't actually help, but I think I could put limits on that (e.g. making things read-only) and unlike most of this Python stuff, that could be made a solid rule with no clever ways around it. > I suspect re is next on the chopping block (it has a global cache - > if the outer system uses a regular expression more than once, it > would potentially be possible to mess with it in the cache, and then > next time it gets used, the injected code gets run), All you could do would be to give misleading results from the regular expression methods, but yes that is a good point. I regret that I added the import stuff at all now - it has just been a distraction from my original point. > [1] And if anyone mentions PHP, I will set him to work on the hardest > PHP problem I know of - no, not securing it. I mean convincing end > users that it's not necessary. Securing it is trivial by comparison. Fortunately I have managed to exclude PHP completely these days from any system I have anything to do with! _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
