Open okennedy opened 6 years ago
One of the options we could consider is swapping out the current Python interpreter with https://wiki.python.org/moin/SandboxedPython
PyPy seems like it might be a fairly lightweight solution to the sandboxed execution problem. The drawback is that it's built around only Python 2.7.
If we're going to rely on Python as heavily as we do, it needs to be executed in a sandboxed context.
Here's some discussion about how to possibly pull this off.
Jupyter does this on their hosted services, as, presumably, does GitHub. Other services like CodePad also need to play similar games. http://codepad.org/about describes the trick as using chroot and blocking most system calls with ptrace. Sandstorm.io does something similar.