
It's actually running the Python the AI generates in a sandboxed environment.


How does a sandboxed Python interpreter work? Is it even possible? From what I heard, you can't really sandbox Python.


Here, let me try:

    docker run --rm python:3

There you go. Before putting it in production, I recommend reading up some on seccomp, user namespaces, and other security options, but to be honest you're already pretty fine with just that.

Want more options? AWS Lambda supports Python. Cloud functions of various clouds (Google, probably Azure, etc.) support Python. Those are all sandboxes.

You can cross-compile Python to wasm, and run it directly with JavaScript... or with any of a number of sandboxed wasm runtimes.

All that said, given the Python packages they have available, my money is on a bunch of Docker containers, not wasm or Lambda or such.
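
As an added illustration of the comment above (not part of the thread and not any commenter's code): a POSIX shell wrapper that runs a script in `python:3` with isolation-tightening `docker run` flags and refuses flag sets that loosen the boundary. The function names and the resource limits are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example. Limits are constructed sample values; tune them per workload.
# Docker's default seccomp profile stays active because nothing here disables it.
# User-namespace remapping (userns-remap) is a daemon setting, so it is not a flag here.
SANDBOX_IMAGE="python:3"

# Print the hardening flags, one argument per line, so they can be audited.
sandbox_flags() {
    cat <<'EOF'
--rm
--interactive
--network=none
--read-only
--tmpfs=/tmp:rw,noexec,nosuid,size=16m
--cap-drop=ALL
--security-opt=no-new-privileges
--pids-limit=64
--memory=256m
--cpus=0.5
--user=65534:65534
EOF
}

# Read flags on stdin; fail if any of them would loosen the container boundary.
flags_are_safe() {
    while IFS= read -r flag; do
        case "$flag" in
            --privileged*|--cap-add*|--pid=host|--network=host|--ipc=host) return 1 ;;
            --security-opt=*unconfined|-v*|--volume*|--mount*|--device*) return 1 ;;
        esac
    done
    return 0
}

# Hypothetical helper: feed an untrusted script to python inside the container.
run_untrusted_py() {
    [ -r "$1" ] || { echo "usage: run_untrusted_py SCRIPT" >&2; return 64; }
    sandbox_flags | flags_are_safe || { echo "unsafe flag set" >&2; return 65; }
    # Flags contain no whitespace, so word splitting of the list is intended.
    docker run $(sandbox_flags) "$SANDBOX_IMAGE" python - < "$1"
}
```

The script is passed on stdin, so no host path is mounted into the container.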


Pedantic reminder: containers are not secure sandboxes without a tweaked runtime like gVisor.


I don't think this "pedantic reminder" is correct.

Feel free to prove me wrong though. Give me a binary to run which will escape a container, configured only with docker flags I choose to set, but without gvisor.

If it's not a "secure sandbox", surely the above should be easy... But of course you won't be able to. "contained.af" (temporarily broken right now unfortunately) has been running for 5+ years with docker, no gvisor, and no one capturing the CTF flag.


No argument. I personally find gVisor much easier to reason about and delivering exactly what it says on the tin so that is what I proselytize.


Here's an overview of how to sandbox almost every programming language ever using standard linux sandboxing techniques: https://github.com/TryItOnline

This powers tio.run


Sandboxing Python is perfectly possible. You just use kernel/process level sandboxing, or you could use something like the GraalVM sandbox which operates at the userspace level by exploiting compiler/VM tech.



