[pypy-dev] Running untrusted code in pypy
holger krekel
holger at merlinux.de
Mon Feb 19 17:27:41 CET 2007
Hi Vinj,
On Mon, Feb 19, 2007 at 08:05 -0800, Vinj Vinj wrote:
> I've been following pypy dev for several years and
> this is my first post here. Thanks for all the hard
> work you guys have put in, it is truly exciting to see
> what pypy has accomplished so far.
>
> I'm currently building a distributing financial
> trading application that allows users to write trading
> models in python and lua. I had to introduce lua,
> since there is no way to completely "secure" user
> models written in cPython.
>
> I'm working with a modified Lua core which allows me
> to restrict the max memory and max CPU cycles
> available for each vm. I then have a python-lua bridge
> code that allows you exchange data and function calls
> between the two.
>
> Would I be able to do something similar with pypy?
PyPy does not (currently) aim at offering cpu/mem
restrictions, but you could use virtual hosts (XEN or vserver)
for that, both offer such restriction settings. PyPy itself
may help with the Taint Object Space:
http://codespeak.net/pypy/dist/pypy/doc/objspace-proxies.html#the-taint-object-space
to track sensitive data flows in your application and prevent
it from accidentally leaking.
> Would I be able to ensure that no malicious user is
> able to bring my hosted application down?
I'd probably use kernel-level security for that, maybe
in combination with VM provided features. (not sure
if you refer to processing of user-input or to
DOS attacks or some other security aspects, it
obviously all depends a bit on concrete use cases
and intentions).
> Are any of you guys going to be at pycon-2007?
Michael and Christian are going to be there,
myself i am busy preparing for the upcoming sprints,
but i am happy to discuss possibilities some time.
best,
holger
--
merlinux GmbH Steinbergstr. 42 31139 Hildesheim
http://merlinux.de tel +49 5121 20800 75 (fax 77)
More information about the pypy-dev
mailing list