Challenge: escape from the pysandbox

Discussion in 'Python' started by Victor Stinner, Feb 26, 2010.

  1. Hi,

    pysandbox is a new Python sandbox project under development. By default,
    untrusted code executed in the sandbox cannot modify the environment (write a
    file, use print or import a module). But you can configure the sandbox to
    choose exactly which features are allowed or not, eg. import sys module and
    read the file /etc/issue.

    I think that the project reached the "testable" stage. I launch a new
    challenge: try to escape from the sandbox. I'm unable to write strict rules.
    The goal is to access objects outside the sandbox. Eg. write into a file,
    import a module which is not in the whitelist, modify an object outside the
    sandbox, etc.

    To test the sandbox, you have 3 choices:
    - interactive interpreter executed in the sandbox, use:
    --verbose to display the whole sandbox configuration,
    --features=help to enable help() function,
    --features=regex to enable regex,
    --help to display the help.
    - <>: execute your script in the sandbox.
    It has also --features option: use --features=stdout to be able
    to use the print instruction :)
    - use directly the Sandbox class: use methods call(), execute()
    or createCallback()

    Don't use "with sandbox: ..." because there is known but with local frame
    variables. I think that I will later drop this syntax because of this bug.
    Except of debug_sandbox, I consider that all features are safe and so you can
    enable all features :)

    There is no prize, it's just for fun! But I will add the name of hackers
    founding the best exploits.

    pysandbox is not ready for production, it's under heavy development. Anyway I
    *hope* that you will quickly find bugs!


    Use to found some examples of how you can escape a sandbox. pysandbox
    is protected against all methods described in ;-)

    See the README file to get more information about how pysandbox is implemented
    and get a list of other Python sandboxes.

    pysandbox is currently specific to CPython, and it uses some ugly hacks to
    patch CPython in memory. In the worst case it will crash the pysandbox Python
    process, that's all. I tested it under Linux with Python 2.5 and 2.6. The
    portage to Python3 is not done yet (is someone motivated to write a
    patch? :)).

    Victor Stinner
    Victor Stinner, Feb 26, 2010
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Artco News

    Parsing challenge...

    Artco News, Oct 7, 2003, in forum: Perl
    Oct 8, 2003
  2. slomo
    Duncan Booth
    Dec 2, 2007
  3. Daniel Fetchinson

    Re: Challenge: escape from the pysandbox

    Daniel Fetchinson, Feb 27, 2010, in forum: Python
    Mar 5, 2010
  4. Victor Stinner

    pysandbox 1.0: a new sandbox for Python

    Victor Stinner, Jun 28, 2010, in forum: Python
    Victor Stinner
    Jun 28, 2010
  5. Chris Angelico
    Chris Angelico
    Nov 12, 2013

Share This Page