←back to thread

MCP Run Python

(github.com)
173 points xrd | 7 comments | 15 Apr 25 11:09 UTC | HN request time: 0.42s | source | bottom
Show context
behnamoh ◴[17 Apr 25 15:27 UTC] No.43718268[source]
So their method of sandboxing Python code is to spin up a JS runtime (deno), run Pyodide on it, and then run the Python code in Pyodide.

Seems a lot of work to me. Is this really the best way to create and run Python sandboxes?

replies(11): >>43718335 #>>43718770 #>>43718841 #>>43719300 #>>43719370 #>>43719672 #>>43719881 #>>43721408 #>>43722369 #>>43723869 #>>43726452 #
1. kissgyorgy ◴[17 Apr 25 15:31 UTC] No.43718335[source]
Not at all.
replies(1): >>43718720 #
2. jononor ◴[17 Apr 25 16:00 UTC] No.43718720[source]
What is the best way? Or at least, a better way?
replies(3): >>43719590 #>>43720219 #>>43721566 #
3. babush ◴[17 Apr 25 17:06 UTC] No.43719590[source]
I recall Shopify having a seccomp-based jail to run untrusted ruby code. But their use-case was very limited so they can get away with blocking almost every syscall.

Other than that... VMs? The fact that people consider JS/WASM engines good security sandboxes is a bit scary tbf.

replies(1): >>43719705 #
4. simonw ◴[17 Apr 25 17:16 UTC] No.43719705{3}[source]
I trust a WASM sandbox a whole lot more than I trust a Docker container sandbox.

WASM engines run in almost every browser on earth, billions of times a day. Security problems in those get spotted very quickly.

replies(1): >>43720292 #
5. kissgyorgy ◴[17 Apr 25 17:58 UTC] No.43720219[source]
Landlock, cgroups on Linux
6. babush ◴[17 Apr 25 18:06 UTC] No.43720292{4}[source]
It's a bit hard to do comparisons without going into threat models and all that _fun_ stuff :shrug:

For example, JS runs in almost every browser on earth too, yet it took V8 devs 2 years to find out that `Math.expm1()` could return -0.0 (https://chromium.googlesource.com/v8/v8.git/+/56f7dda67fdc97...). This is a cherry-picked example, and JS is clearly more complex than WASM, but still.

Just because stuff runs on a lot of devices doesn't mean it's more or less secure.

Linux runs on quite a few devices too, yet we still find bugs, people still don't ship updates to said bugs, yadda yadda yadda.

My point is just that lots of devs often skip the threat modeling and just think "I'll slap it in a WASM thingie an it'll be fine". Well good luck.

7. ehsanu1 ◴[17 Apr 25 20:05 UTC] No.43721566[source]
gVisor