Using a Socket Module in a PyPy Sandbox

I am trying to allow a sub-process, isolated by PyPy, to exchange data using a restricted protocol with the parent process.

After looking at the pypy/pypy/translator/sandbox/sandlib.py source code included in PyPy, it seems that a VirtualizedSocketProc exists that allows os.open calls to open sockets. I changed some functions of the code (for example, allowing TCP connections on limited ports), but very little was changed. However, I cannot actually import the PyPy socket module, because it requires a non-existent _socket module, which seems to be in parts of the code at the interpreter level.

Am I trying to do this? If so, how do I import a socket module? If not, what else can I do?

1 answer

I explored this further, and it seems to be a pretty fundamental problem. The socket module implemented at the library level (inside the lib directories) is essentially an empty shell for the _socket library, which is an interpreter-level module defined in the pypy/module directory. For those unfamiliar with PyPy, there are two types of modules that can be imported, which roughly correspond to the pure-Python and C libraries in CPython. Modules implemented at the library level can easily be added to the sandbox and are actually included in the pypy_interact sandbox. However, modules written at the interpreter level are not available inside the sandbox.

It seems that my approach was falsified due to this critical difference. Instead, there are several other options that you might consider if you run into the same problem:

  • Use os.open directly with the file name starting with tcp://. This really works very well and is my preferred approach.
  • Deploy your own socket library. This, of course, is not preferable, but I believe that it would be possible to create a relatively empty socket library that simply communicates with the sandbox controller, as described above, using socket functions. It may be possible to change the default socket library to achieve this goal (without enabling _socket, for example).
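A controller-side check for the "TCP connections on limited ports" restriction mentioned in the question, applied to the tcp:// names the answer passes to os.open. This is an added example, not part of the original post and not PyPy's own code. It assumes names of the form tcp://<ipv4>:<port>; check_tcp_name, guarded_open, SocketPolicyError and the ALLOWED set are hypothetical names.

```python
import re
import socket

# Constructed allow-list for illustration: (host, port) pairs the
# controller is willing to dial on behalf of the sandboxed process.
ALLOWED = frozenset([("127.0.0.1", 8000), ("127.0.0.1", 8001)])

# ASCII digits only, and \Z rather than $ so a trailing newline is refused.
_TCP_NAME = re.compile(r"tcp://([0-9]{1,3}(?:\.[0-9]{1,3}){3}):([0-9]{1,5})\Z")


class SocketPolicyError(Exception):
    """The sandboxed process asked for a destination the policy refuses."""


def check_tcp_name(name, allowed=ALLOWED):
    """Return (host, port) for an allow-listed 'tcp://a.b.c.d:port' name."""
    m = _TCP_NAME.match(name)
    if m is None:
        # Hostnames are refused on purpose: requiring a literal IPv4
        # address keeps DNS resolution out of the policy decision.
        raise SocketPolicyError("expected tcp://<ipv4>:<port>")
    host, port = m.group(1), int(m.group(2))
    if any(int(octet) > 255 for octet in host.split(".")) or not 0 < port < 65536:
        raise SocketPolicyError("address or port out of range")
    # Exact string match on the host, so alternate spellings of an
    # allowed address (e.g. zero-padded octets) do not pass.
    if (host, port) not in allowed:
        raise SocketPolicyError("destination not allow-listed")
    return host, port


def guarded_open(name, allowed=ALLOWED, connect=socket.create_connection):
    """Validate first, connect second; the name comes from untrusted code."""
    return connect(check_tcp_name(name, allowed))
```

In a controller, the call to guarded_open would sit where the os.open handler currently creates the socket, so a refused name never reaches connect.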

Source: https://habr.com/ru/post/892524/

