Building a Python Sandbox

Ayush Jhunjhunwala (~ayush)


38

Votes

Description:

How can you run an untrusted python script safely? A sandbox is a security mechanism for separating running programs. Python being a very popular scripting language we needs such mechanisms. This talk will cover

  • the dynamic nature of Python
  • interesting security challenges
  • basic tactics to overcome the security challenges
  • resource exhaustion
  • running unexpected services
  • disabling/quitting/erroring out of the sandbox

as we work through building a Python Sandbox from scratch.

Prerequisites:

Basic understanding of Python.

Content URLs:

link to presentation: https://drive.google.com/file/d/0BwvqpialcCedQjZtc2VDdVphWTg/view?usp=sharing

Note: The presentation may go through some changes.

Speaker Info:

I am a undergraduate student at International Institute of Information Technology (IIIT-H). This will be my first time as a speaker at a Python conference and I am hoping for some encouraging feedback from your side.

Section: Security
Type: Talks
Target Audience: Beginner
Last Updated:

Can you please elaborate on your approach?

Are you hacking python's safe builtins? Are you relying on a library or are you running the whole thing in a container?

Jaseem Abid (~jaseemabid)

Hi Jaseem, We have built our own python sandbox in python itself. We are not using any external libraries.

Ayush Jhunjhunwala (~ayush)

Login to add a new comment.