[summerofcode] rexec project

[Jonathan Hudson]

I've been playing around with an idea to make a secure rexec,
and I think I would like to do that for the summer of code project.
Essentially, all objects are wrapped by a container restriction object.
When a module gets imported, any objects that are allowed to be
accessed would have to be specified outside of the restricted execution
code.

The restricted object would go something like this:

# restricted object
class RObject:
   def __call__(self ....
       # check if function call is ok  and call it if ok

   def __getattr__(self ....
       # check if ok to read attribute and return it if ok

   ....

RObject would not store have any data members itself.
Instead it would access a global dictionary that isn't
accessable to the restriction execution code.
I'm working on some demo code to see if the idea
might work. Does this sound viable or I am missing something
important? I've debated myself on how to write up the proposal.
I just looked at Zope today and decided if my idea doesn't work,
I could try using their method.

-- Jonathan