Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Python > Challenge: escape from the pysandbox

Thread Tools

Challenge: escape from the pysandbox

Victor Stinner
Posts: n/a

pysandbox is a new Python sandbox project under development. By default,
untrusted code executed in the sandbox cannot modify the environment (write a
file, use print or import a module). But you can configure the sandbox to
choose exactly which features are allowed or not, eg. import sys module and
read the file /etc/issue.

I think that the project reached the "testable" stage. I launch a new
challenge: try to escape from the sandbox. I'm unable to write strict rules.
The goal is to access objects outside the sandbox. Eg. write into a file,
import a module which is not in the whitelist, modify an object outside the
sandbox, etc.

To test the sandbox, you have 3 choices:
- interactive interpreter executed in the sandbox, use:
--verbose to display the whole sandbox configuration,
--features=help to enable help() function,
--features=regex to enable regex,
--help to display the help.
- <>: execute your script in the sandbox.
It has also --features option: use --features=stdout to be able
to use the print instruction
- use directly the Sandbox class: use methods call(), execute()
or createCallback()

Don't use "with sandbox: ..." because there is known but with local frame
variables. I think that I will later drop this syntax because of this bug.
Except of debug_sandbox, I consider that all features are safe and so you can
enable all features

There is no prize, it's just for fun! But I will add the name of hackers
founding the best exploits.

pysandbox is not ready for production, it's under heavy development. Anyway I
*hope* that you will quickly find bugs!


Use to found some examples of how you can escape a sandbox. pysandbox
is protected against all methods described in

See the README file to get more information about how pysandbox is implemented
and get a list of other Python sandboxes.

pysandbox is currently specific to CPython, and it uses some ugly hacks to
patch CPython in memory. In the worst case it will crash the pysandbox Python
process, that's all. I tested it under Linux with Python 2.5 and 2.6. The
portage to Python3 is not done yet (is someone motivated to write a
patch? ).

Victor Stinner
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
pysandbox 1.0: a new sandbox for Python Victor Stinner Python 0 06-28-2010 10:59 PM
Re: Challenge: escape from the pysandbox Daniel Fetchinson Python 4 03-05-2010 12:05 AM
How to read strings cantaining escape character from a file and useit as escape sequences? slomo Python 5 12-02-2007 11:39 AM
trying out escape characters Griff Perl 6 08-20-2004 08:20 PM
escape a whole regex Tassos Perl 2 12-12-2003 06:36 PM