The failure of pysandbox
Posted Nov 22, 2013 9:28 UTC (Fri) by khim (subscriber, #9252)
In reply to: The failure of pysandbox by dtlin
Parent article: The failure of pysandbox
NaCl is part of the solution, but it's not the whole solution: it's only used as an “internal sandbox”; there is also another, OS-level sandbox (ptrace? seccomp-bpf? not 100% sure) plus some additional changes in the compiler to make it harder to exploit bugs in NaCl and the OS-level sandbox. Although in the case of NaCl it's mostly about bugs in the CPU, not about bugs in NaCl (so far AMD's and Intel's errata have not listed anything suitable for a NaCl sandbox escape, but a couple of these needed additional discussions with AMD/Intel representatives and looked awfully close to a potential sandbox escape).
Initially Google also made some changes to the Python interpreter to restrict it, but, as was pointed out by Victor Stinner, it does not really work and is not used with the new, Python 2.7-based runtime.
 
           