Presentation of the pysandbox project

Created in February 2010, pysandbox is an experimental project trying to create a sandbox for Python. It is based on an earlier project called, written by Tav in February 2009. pysandbox uses different security models to get the best security with a small speed overhead. It uses a whitelist for Python builtins and imports, and a blacklist for object attributes (e.g. it hides function.func_closure). Read the README file for more information.

It is the first time that I have written so many tests since the beginning of the project. I am very proud of and happy about that. I wrote the tests to prove the security model. The test suite helped me many times during development to detect regressions. It was also my first Python module written in C. I realized that it is simple and well documented.

pysandbox has a major limitation: it hides most methods that modify a dictionary, e.g. dict.update({1: 2}) is forbidden. This comes from a limitation of CPython: the function executing bytecode assumes that the __builtins__ variable is a standard dictionary (otherwise CPython segfaults). pysandbox has to replace __builtins__ with a read-only object, because being able to modify __builtins__ makes it possible to escape from the untrusted namespace. Because CPython expects a dictionary, pysandbox has to remove the methods that modify a dictionary in order to create the read-only __builtins__ variable. I wrote patches to “fix” CPython 2 and 3 to accept __builtins__ of types other than dictionary, but I haven’t proposed them upstream yet. It is still possible to modify a dictionary using the dict[key]=value and del dict[key] syntaxes.
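The builtins whitelist and the read-only __builtins__ described above, as an added Python 3 example that is not pysandbox code: the names ALLOWED, ReadOnlyBuiltins, make_builtins, run and later_result are assumptions, as is the whitelist itself. It overrides the mutating methods on a dict subclass only, whereas the post describes hiding them on dictionaries in general and also blacklisting object attributes, so it illustrates one piece of the design and is not a sandbox on its own.

```python
import builtins

ALLOWED = ("len", "range", "sum", "abs", "min", "max")  # assumed whitelist

class ReadOnlyBuiltins(dict):
    """A dict subclass (CPython expects a dict) whose mutators all raise."""
    def _blocked(self, *args, **kwargs):
        raise TypeError("__builtins__ is read-only")
    __setitem__ = __delitem__ = __ior__ = _blocked
    update = pop = popitem = clear = setdefault = _blocked

def make_builtins(read_only):
    """Build the whitelisted table, as a plain dict or a read-only one."""
    table = {name: getattr(builtins, name) for name in ALLOWED}
    return ReadOnlyBuiltins(table) if read_only else table

def run(code, shared_builtins):
    """Run code in a fresh namespace; return (namespace, exception name or None)."""
    namespace = {"__builtins__": shared_builtins}
    try:
        exec(code, namespace)
    except Exception as exc:
        return namespace, type(exc).__name__
    return namespace, None

# Constructed sample inputs: the first snippet tampers with the builtins table,
# the second is an unrelated snippet that runs later with the same table.
TAMPER = "__builtins__['len'] = lambda obj: 0"
LATER = "result = len([1, 2, 3])"

def later_result(read_only):
    """Return (error raised by TAMPER, value LATER computed afterwards)."""
    shared = make_builtins(read_only)
    _, error = run(TAMPER, shared)
    namespace, _ = run(LATER, shared)
    return error, namespace["result"]

if __name__ == "__main__":
    print(run("open('x')", make_builtins(True))[1])   # name is not whitelisted
    print(run("import os", make_builtins(True))[1])   # no __import__ exposed
    print(later_result(read_only=False))  # plain dict: tampering persists
    print(later_result(read_only=True))   # read-only: tampering is rejected
```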

pysandbox is used by an IRC bot called fschfsch, written by Tila, on the Freenode server; I use it to show examples on the #python-fr channel. pysandbox works with Python 2.5, 2.6 and 2.7. With some hacks, it is possible to use it on Python 3.1 and 3.2. I didn’t commit the hacks because I am not sure yet that they are safe.


3 Responses to Presentation of the pysandbox project

  1. Hello Victor,

    Nice project! Is it the same approach taken by Google AppEngine?

    By the way, can I make some publicity for my own project (more a proof-of-concept actually, but it can run a Python interpreter like a charm)?

    I have a totally different approach because I rely on the kernel to sandbox the application. It’s named seccomp-nurse. There is even a video showing the python interpreter sandboxed.

  2. admin says:

    Google AppEngine and your engine are layers between the process and the kernel. pysandbox creates a new untrusted namespace in the Python process to hide everything from the untrusted code. You cannot do that with a process sandbox. Extract from the README file:

    “pysandbox is a sandbox for the Python namespace, not a sandbox between Python
    and the operating system. It doesn’t protect your system against Python
    security vulnerabilities: vulnerabilities in modules/functions available in
    your sandbox (depend on your sandbox configuration). By default, only few
    functions are exposed to the sandbox namespace which limits the attack surface.

    pysandbox is unable to limit the memory of the sandbox process: you have to use
    your own protection.”

  3. admin says:

    The PyPy project also has a sandbox which looks similar to your approach: two processes, one with few/no privileges, and the other controls the system calls.
