Denying disk access and calling some other functions at the Python or Linux level

Question:

I am writing a Python backend using Django and decided to add functionality so that users can send me .py files for execution. The question is how to protect myself. From this file I have to call a function with a predetermined name, but the problem is that users may suddenly open sockets inside the function, or create a million files, or something … In general, how can I prevent them from doing this when I call this function?

Is it possible to do this at the Python level and not at the Linux level?

Answer:

PyPy offers sandboxing at a level similar to that of OS-level sandboxing, for example SECCOMP under Linux, but this is a purely Python-level solution:

One of PyPy's translation aspects is a sandboxing feature. It's “sandboxing” as in “full virtualization”, but done in normal C with no OS support at all.

More details with examples are in the PyPy documentation.
