PyCon 2014

Cómo crear (y hackear) un sandbox con Python

Jessica McKellar  · 




Extracto de la transcripción automática del vídeo realizada por YouTube.

good afternoon everybody our next speaker Jessica mckellar is an entrepreneur software engineer an open source contributor from Cambridge Massachusetts she is co-organizer of Boston Python the largest Python meetup in the world and runs the bite the Boston

Python workshop she's maintainer for the twisted and open hatch projects and on top of that she is co-founder and CTO of Zillah an enterprise messaging service that was acquired by Dropbox last month today she will be talking to us about security solutions

and sandboxing with Python please give her a warm welcome everyone thank you so much all right so today we're going to talk about building and breaking a Python sandbox and this is me I'm also director for the Python Software Foundation I am probably

too involved in the Python community here are a couple of ways to get in touch with me okay so building a sandbox why would we ever want to do this this actually comes up in a lot of a surprising number of contexts when learning a language when provide some

companies want to provide a hosted scratch pad for doing arbitrary computation there are some researchers using distributed computation across bunch of platforms where you need to run untrusted code in remote contexts and there's some cases where you want

to inspect running processes safely whereas sandbox might be helpful so a sandbox the ability to run untrusted Python code and there are a lot of examples of this in the why in the wild Seattle is an academic peer-to-peer computing network Google App Engine

has a Python shell you've ever used code Academy they use this in Python service to run a Python sandbox and check i/o who I think is it's a start up row here there's an on line coding game that you know execute arbitrary Python code and if you

have visited the Python org website post redesign front Center on the front page is you know Python repple and so this is running you know arbitrary code in the sandbox and we have two big choices or two big options when building a sandbox we could do language

level sandboxing which is we're gonna focus on in this talk and then OS level sandboxing and these are sort of modeled by the PI sandbox project and then pi PI is sandboxing model and there we'll talk about sort of the pros and cons of each later in

the talk but we're gonna stick with language level sandboxing because it is a lot of fun it gives us an excuse to dig into some fun language details okay so our most fundamental question here is how do you execute arbitrary Python code in the first place

we have two main primitives for this we have eval which compiles and evaluates expressions and an expression is really just some stuff that reduces to a value like 1 plus 2 and then exact compiles and evaluates statements statements are you know the smallest

standalone chunks of Python code exec is more general because you know all Python programs are made of statements so we'll use exec as the basis for our sandboxing model and we'll set up a little test harness here we have a sandbox in class is really

simple it just has one method execute which takes a code string and execs it ok cool so let's test this and so we'll create an instance of our sandbox class and we have some really simple code we'll just print hello world and we'll execute

that code and this works great ok so we've now written a sandbox that will execute anything but it works good ok so what are some things that we should disallow in our sandbox I was running untrusted user code a lot of options there we definitely we don't

want people to use up all the file descriptors we probably don't want to be able to start up a web server that is doing its own thing maybe they shouldn't be able to air out of the sandbox it maybe should be able to read sensitive information from

the file system and it's just a partial list so there are a lot of things to worry about if we're gonna run untrusted code to you know focus the discussion let's use the ability to write to the file system as a good example of something that our

most basic sandbox should not allow just cuz that represents the ability to probably do a lot of other things we do filling the file system ok so the thing that we're going to focus on to this talk is the ability to write file we definitely don't want

that to be possible so currently this is possible how can we prevent it okay well what is file exactly if we do some poking around at the repple we'll find that if we poke around in this double under square built-ins file is in there so file is one of

[ ... ]

Nota: se han omitido las otras 2.204 palabras de la transcripción completa para cumplir con las normas de «uso razonable» de YouTube.