Page MenuHomePhabricator
Create Task
Maniphest T129

research PyPy for better python script security
Closed, ResolvedPublic
Actions

Description

Find out if PyPy and/or PyPy's sandbox would be useful to increase security.

A good good candidate for testing and confinement, because relatively simple to play with, would be url_to_unixtime (T102). Later also control-port-filter-python.

See also:

Related:

  • research seccomp for better python script security: T128 [if we start using pypy, we might not need T128]

Details

Impact
Needs Triage

Related Objects

Event Timeline

Patrick created this task.Feb 4 2015, 10:20 PM
Patrick raised the priority of this task from to Normal.
Patrick updated the task description. (Show Details)
Patrick added projects: python, security, sdwdate.
Patrick added subscribers: Patrick, HulaHoop.
Herald added a project: Whonix. · View Herald TranscriptFeb 4 2015, 10:20 PM
Patrick mentioned this in T128: research seccomp for better python script security.Feb 4 2015, 10:20 PM
Patrick updated the task description. (Show Details)Feb 5 2015, 12:31 PM
Patrick mentioned this in T102: url_to_unixtime - extract time stamps from http headers.Feb 5 2015, 1:52 PM
HulaHoop added a comment.EditedJun 18 2015, 1:11 AM

PyPy's sandbox is an experimental proof-of-concept and will not be operational any time soon.

The project's dev's comments point out that even the only python module that worked with it, the 'time' module, no longer does and was removed. To support a decent amount of python features a lot of work is needed in addition to long-term maintenance investment.

https://stackoverflow.com/a/29890408

systemd.exec integrates and exposes Linux's security features in an easy to use manner. It was chosen instead.

https://www.whonix.org/forum/index.php/topic,1313

Herald added a subscriber: WhonixQubes. · View Herald TranscriptJun 18 2015, 1:11 AM
HulaHoop closed this task as Resolved.Jun 18 2015, 1:12 AM
HulaHoop set Impact to Needs Triage.
Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer