[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [pygame] pygame web plugin



On Mon, Sep 8, 2008 at 4:42 AM, Bob Ippolito <bob@xxxxxxxxxx> wrote:
> On Sun, Sep 7, 2008 at 12:49 PM, Campbell Barton <ideasman42@xxxxxxxxx> wrote:
>> Im still a bit at a loss as to where the blocking problem is...
>>
>> if I was to sandbox cpython for a pygame heres what Id try.
>>
>> - replace builtins like import, compile, exec, reload  through the C
>> api (as with the blender3d example I posted earlier, scripters will
>> need to write scripts accounting for this perhaps in one py file to
>> start with.
>> - try to replace pythons memory allocator with one that can be
>> limited.. OR, patch python to limit the memory it can use. (web plugin
>> could statically link the patched python) OR use process some OS
>> control to limit memory management.
>>
>> What else would you need to do to sandbox python for a web plugin?
>
> Just give up and figure out how to compile Python to JavaScript or
> ActionScript or some other well tested VM designed for this kind of
> use case. Then you won't even need to get people to install a plug-in,
> because everyone already has JavaScript in their browser and almost
> everyone has Flash (except on iPhone).
>
> PyPy -> Flash VM sounded like a promising approach, and it provides
> everything that pygame does (and then some) on a technical level
> anyway, so it'd largely be an exercise in writing a wrapper library to
> expose a familiar API.
>
> -bob
>

Why give up? - Blender3d uses this sandbox already and nobody has
given me an example of how you'd use a malicious python script to
workaround replacing builtins from C. (remember import is replaced)

The memory problem is still there, but there are ways to use too much
memory unrelated to python so Id consider that a separate topic since
it would result in crashing the app, not stealing users data or
breaking their OS.
- Any linux users could also note that adobe's flash plugin crashes
quite frequently on many systems, so I would not compare
hanging/memory errors with easily being able to run arbitrary python
on someones system.

I also have strong doubts about the use of pypy/actionscript in
relation to pygame which uses C/Pythons api. you cant just take this
and point it to actionscript, and keep accessing SDL functions in the
same way.

Flash doesnt do blitting as far as I know, or allow openGL access. -
thats another discussion though.

People worried about security need to remember too that pygame and
blender are not enterprise class applications that run on a server
with 1000's of people executing scripts on them.
security issues cant be ignored, but the requirements are not as high.