<br><br><div><span class="gmail_quote">On 6/27/06, <b class="gmail_sendername">Jim Jewett</b> <<a href="mailto:jimjjewett@gmail.com">jimjjewett@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On 6/27/06, Brett Cannon <<a href="mailto:brett@python.org">brett@python.org</a>> wrote:<br>> On 6/27/06, Jim Jewett <<a href="mailto:jimjjewett@gmail.com">jimjjewett@gmail.com</a>> wrote:<br>><br>> > On 6/27/06, Brett Cannon <
<a href="mailto:brett@python.org">brett@python.org</a>> wrote:<br><br>> Shouldn't be as long as you put the call right after variable declarations<br>> and you don't do a PyObject creation at variable declaration time.
<br><br>When PEPping this, please add that restriction to the Extension Module<br>Crippling section.</blockquote><div><br>Sure. <br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
> > I just want a single call that does my erroring out, instead of two<br>> > separate calls depending on whether the interpreter is trusted.<br><br>> Oh, you won't! You have the set call before you even start using the
<br>> interpreter to define your restrictions; that has a return value to flag<br>> that you are trying to set restrictions on a trusted interpreter, and thus<br>> are trying to do something that just won't work. Then you have the check
<br>> functions that run in *any* interpreter.<br><br>This is what I was missing -- the bit about who uses which part of the API.<br><br>Is the following correct:<br><br><br>Py_XXXCheck* and Py_XXXExtendedCheck* are called by C extension
<br>modules. They error out of the current function if the action would<br>not be allowed. (In the special case of a fully trusted function,<br>they happen to compile themselves out.)</blockquote><div><br>They don't compile themselves out unless you didn't compile the functionality in at all, but yes, that's right.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">There may be some Py_XXXInfo functions added to find out what the<br>limits are, particularly for python code.
</blockquote><div><br>Yep. Once the C API is settled, equivalents at the Python level will be dealt with.<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Py_XXXTrusted() should really be renamed Py_XXXCheckTrusted().<br>Crippled extension modules should really use Py_XXXCheck*, but<br>PyXXXCheckTrusted is a quick way to get all-or-nothing.</blockquote><div><br>Rename seems reasonable. And yes, that is the right idea of usage.
<br></div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">No other PyXXX functions should ever be (directly) called by any<br>loadable module, not even by C extension modules; they are called only
<br>by an embedding program.</blockquote><div><br>Yep.<br><br>I think I will try to add a paragraph at the top using pseudocode, showing typical usage.<br></div><br>-Brett</div>