Page MenuHomePhabricator

research PyPy for better python script security
Closed, ResolvedPublic


Find out if PyPy and/or PyPy's sandbox would be useful to increase security.

A good good candidate for testing and confinement, because relatively simple to play with, would be url_to_unixtime (T102). Later also control-port-filter-python.

See also:


  • research seccomp for better python script security: T128 [if we start using pypy, we might not need T128]


Needs Triage

Event Timeline

Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: python, security, sdwdate.
Patrick added subscribers: Patrick, HulaHoop.

PyPy's sandbox is an experimental proof-of-concept and will not be operational any time soon.

The project's dev's comments point out that even the only python module that worked with it, the 'time' module, no longer does and was removed. To support a decent amount of python features a lot of work is needed in addition to long-term maintenance investment.

systemd.exec integrates and exposes Linux's security features in an easy to use manner. It was chosen instead.,1313

HulaHoop set Impact to Needs Triage.