<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div><br><br>Inviato da iPhone</div><div><br>Il giorno 17 ott 2016, alle ore 11:19, Nathan Woodrow <<a href="mailto:madmanwoo@gmail.com">madmanwoo@gmail.com</a>> ha scritto:<br><br></div><blockquote type="cite"><div><div dir="ltr">For context from here: <a href="https://lwn.net/Articles/574215/">https://lwn.net/Articles/574215/</a><div><br></div><div>"<span style="color:rgb(139,0,0);font-family:"times new roman";font-size:medium">I now agree that putting a sandbox in CPython is the wrong design. There are too many ways to escape the untrusted namespace using the various introspection features of the Python language. To guarantee the [safety] of a security product, the code should be [carefully] audited and the code to review must be as small as possible. Using pysandbox, the "code" is the whole Python core which is a really huge code base. For example, the Python and Objects directories of Python 3.4 contain more than 126,000 lines of C code.</span></div><p style="margin-top:1em;margin-bottom:0px;color:rgb(139,0,0);font-family:"times new roman";font-size:medium">The security of pysandbox is the security of its weakest part. A single bug is enough to escape the whole sandbox."</p></div></div></blockquote><div><br></div><div>Correct. In fact I am talking about this other:</div><div><br></div><div><span style="background-color: rgba(255, 255, 255, 0);"><a href="http://pypy.org/">pypy.org</a> and its sandboxing, that is:</span></div><div><a href="http://doc.pypy.org/en/latest/sandbox.html?highlight=Sandboxing">http://doc.pypy.org/en/latest/sandbox.html?highlight=Sandboxing</a></div><div><br></div><div>that reports the interesting issues you can have with other solutions, as CPython, for example. </div><div>Do you have read it ? If not, good reading :)</div><div><span style="background-color: rgba(255, 255, 255, 0);"><br></span></div><br><blockquote type="cite"><div><div dir="ltr"><p style="margin-top:1em;margin-bottom:0px;color:rgb(139,0,0);font-family:"times new roman";font-size:medium"><br></p></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 17, 2016 at 7:17 PM, Nathan Woodrow <span dir="ltr"><<a href="mailto:madmanwoo@gmail.com" target="_blank">madmanwoo@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Honestly, this is getting tiresome. <div><br></div><div>If you don't like the approval processes that we have in place currently you can create a new plugin repo, it's just an XML file exposed via webserver, there are docs around for it. </div><div><br></div><div>You can give this URL to people and they can install your plugins via that.</div><div><br></div><div>If you don't want to do that, then you will have to go through the approval process. I'm sure there are reasons it took longer than normal, maybe review those first.</div><div><br></div><div>If you want to follow the sandboxed Python route and see how far you get fine, however again I suspect you are in for a long road given the complex nature of that and you would still have to</div><div>be able to support what we can in core, etc. </div><span class="HOEnZb"><font color="#888888"><div><br></div><div>- Nathan</div><div><br></div></font></span></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Oct 17, 2016 at 6:31 PM, Geo DrinX <span dir="ltr"><<a href="mailto:geodrinx@gmail.com" target="_blank">geodrinx@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote"><span>2016-10-17 10:19 GMT+02:00 Nathan Woodrow <span dir="ltr"><<a href="mailto:madmanwoo@gmail.com" target="_blank">madmanwoo@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><p dir="ltr">Qgis uses CPython. You also have to sandbox Qt, so I suspect you are running into a lot of dead ends.</p></blockquote></span><div>Thank you for the suggestion. We will see who is moving in dead ends. :)<br><br></div><div><span id="m_-1158896907318318202m_9215939013109812276gmail-result_box" class="m_-1158896907318318202m_9215939013109812276gmail-" lang="en"><span class="m_-1158896907318318202m_9215939013109812276gmail-">I am</span> <span class="m_-1158896907318318202m_9215939013109812276gmail-">the crow's nest</span> <span class="m_-1158896907318318202m_9215939013109812276gmail-">of the ship and</span> <span>I am experiencing</span> <span>the arrival</span> <span>of the iceberg</span><span>.</span> <br><span>And I hear</span> <span class="m_-1158896907318318202m_9215939013109812276gmail-">the orchestra</span> <span>playing</span> <span class="m_-1158896907318318202m_9215939013109812276gmail-">:)</span></span></div><div><br> <br></div><div>Best regards and <span id="m_-1158896907318318202m_9215939013109812276gmail-result_box" class="m_-1158896907318318202m_9215939013109812276gmail-short_text" lang="en"><span>wishes for a</span> <span class="m_-1158896907318318202m_9215939013109812276gmail-">safe journey. ;)<br><br><br></span></span></div><div><span id="m_-1158896907318318202m_9215939013109812276gmail-result_box" class="m_-1158896907318318202m_9215939013109812276gmail-short_text" lang="en"><span class="m_-1158896907318318202m_9215939013109812276gmail-">Geo<br></span></span></div><br></div><div class="gmail_quote">PS: and then if you want to exit from the one direction maze you are going, here I am.<br></div><div class="gmail_quote">PPS: in the meantime, take a look of this competition: <a href="https://goo.gl/WR8LVF" target="_blank">https://goo.gl/WR8LVF</a></div></div></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></blockquote></body></html>