I've received some enthusiastic emails from someone who wants to
revive restricted mode. He started out with a bunch of patches to the
CPython runtime using ctypes, which he attached to an App Engine bug:
http://code.google.com/p/googleappengine/issues/detail?id=671
Based on his code (the file secure.py is all you need, included in
secure.tar.gz) it seems he believes the only security leaks are
__subclasses__, gi_frame and gi_code. (I have since convinced him that
if we add "restricted" guards to these attributes, he doesn't need the
functions added to sys.)
I don't recall the exploits that Samuele once posted that caused the
death of rexec.py -- does anyone recall, or have a pointer to the
threads?
--
--Guido van Rossum (home page: http://www.python.org/~guido/)
Hello,
I guess a long time ago, threading support in operating systems wasn't
very widespread, but these days all our supported platforms have it.
Is it still useful for production purposes to configure
--without-threads? Do people use this option for something else than
curiosity of mind?
Regards
Antoine.
Alright, I will re-submit with the contents pasted. I never use double
backquotes as I think them rather ugly; that is the work of an editor
or some automated program in the chain. Plus, it also messed up my
line formatting and now I have lines with one word on them... Anyway,
the contents of PEP 3145:
PEP: 3145
Title: Asynchronous I/O For subprocess.Popen
Author: (James) Eric Pruitt, Charles R. McCreary, Josiah Carlson
Type: Standards Track
Content-Type: text/plain
Created: 04-Aug-2009
Python-Version: 3.2
Abstract:
In its present form, the subprocess.Popen implementation is prone to
dead-locking and blocking of the parent Python script while waiting on data
from the child process.
Motivation:
A search for "python asynchronous subprocess" will turn up numerous
accounts of people wanting to execute a child process and communicate with
it from time to time reading only the data that is available instead of
blocking to wait for the program to produce data [1] [2] [3]. The current
behavior of the subprocess module is that when a user sends or receives
data via the stdin, stderr and stdout file objects, dead locks are common
and documented [4] [5]. While communicate can be used to alleviate some of
the buffering issues, it will still cause the parent process to block while
attempting to read data when none is available to be read from the child
process.
Rationale:
There is a documented need for asynchronous, non-blocking functionality in
subprocess.Popen [6] [7] [2] [3]. Inclusion of the code would improve the
utility of the Python standard library that can be used on Unix based and
Windows builds of Python. Practically every I/O object in Python has a
file-like wrapper of some sort. Sockets already act as such and for
strings there is StringIO. Popen can be made to act like a file by simply
using the methods attached the the subprocess.Popen.stderr, stdout and
stdin file-like objects. But when using the read and write methods of
those options, you do not have the benefit of asynchronous I/O. In the
proposed solution the wrapper wraps the asynchronous methods to mimic a
file object.
Reference Implementation:
I have been maintaining a Google Code repository that contains all of my
changes including tests and documentation [9] as well as blog detailing
the problems I have come across in the development process [10].
I have been working on implementing non-blocking asynchronous I/O in the
subprocess.Popen module as well as a wrapper class for subprocess.Popen
that makes it so that an executed process can take the place of a file by
duplicating all of the methods and attributes that file objects have.
There are two base functions that have been added to the subprocess.Popen
class: Popen.send and Popen._recv, each with two separate implementations,
one for Windows and one for Unix based systems. The Windows
implementation uses ctypes to access the functions needed to control pipes
in the kernel 32 DLL in an asynchronous manner. On Unix based systems,
the Python interface for file control serves the same purpose. The
different implementations of Popen.send and Popen._recv have identical
arguments to make code that uses these functions work across multiple
platforms.
When calling the Popen._recv function, it requires the pipe name be
passed as an argument so there exists the Popen.recv function that passes
selects stdout as the pipe for Popen._recv by default. Popen.recv_err
selects stderr as the pipe by default. "Popen.recv" and "Popen.recv_err"
are much easier to read and understand than "Popen._recv('stdout' ..." and
"Popen._recv('stderr' ..." respectively.
Since the Popen._recv function does not wait on data to be produced
before returning a value, it may return empty bytes. Popen.asyncread
handles this issue by returning all data read over a given time
interval.
The ProcessIOWrapper class uses the asyncread and asyncwrite functions to
allow a process to act like a file so that there are no blocking issues
that can arise from using the stdout and stdin file objects produced from
a subprocess.Popen call.
References:
[1] [ python-Feature Requests-1191964 ] asynchronous Subprocess
http://mail.python.org/pipermail/python-bugs-list/2006-December/
036524.html
[2] Daily Life in an Ivory Basement : /feb-07/problems-with-subprocess
http://ivory.idyll.org/blog/feb-07/problems-with-subprocess
[3] How can I run an external command asynchronously from Python? - Stack
Overflow
http://stackoverflow.com/questions/636561/how-can-i-run-an-external-
command-asynchronously-from-python
[4] 18.1. subprocess - Subprocess management - Python v2.6.2 documentation
http://docs.python.org/library/subprocess.html#subprocess.Popen.wait
[5] 18.1. subprocess - Subprocess management - Python v2.6.2 documentation
http://docs.python.org/library/subprocess.html#subprocess.Popen.kill
[6] Issue 1191964: asynchronous Subprocess - Python tracker
http://bugs.python.org/issue1191964
[7] Module to allow Asynchronous subprocess use on Windows and Posix
platforms - ActiveState Code
http://code.activestate.com/recipes/440554/
[8] subprocess.rst - subprocdev - Project Hosting on Google Code
http://code.google.com/p/subprocdev/source/browse/doc/subprocess.rst?spec=s…
[9] subprocdev - Project Hosting on Google Code
http://code.google.com/p/subprocdev
[10] Python Subprocess Dev
http://subdev.blogspot.com/
Copyright:
This P.E.P. is licensed under the Open Publication License;
http://www.opencontent.org/openpub/.
On Tue, Sep 8, 2009 at 22:56, Benjamin Peterson <benjamin(a)python.org> wrote:
> 2009/9/7 Eric Pruitt <eric.pruitt(a)gmail.com>:
>> Hello all,
>>
>> I have been working on adding asynchronous I/O to the Python
>> subprocess module as part of my Google Summer of Code project. Now
>> that I have finished documenting and pruning the code, I present PEP
>> 3145 for its inclusion into the Python core code. Any and all feedback
>> on the PEP (http://www.python.org/dev/peps/pep-3145/) is appreciated.
>
> Hi Eric,
> One of the reasons you're not getting many response is that you've not
> pasted the contents of the PEP in this message. That makes it really
> easy for people to comment on various sections.
>
> BTW, it seems like you were trying to use reST formatting with the
> text PEP layout. Double backquotes only mean something in reST.
>
>
> --
> Regards,
> Benjamin
>
Hi,
Python code should not depend upon the ordering of items in a dict.
Unfortunately it seems that a number of tests in the standard library do
just that.
Changing PyDict_MINSIZE from 8 to either 4 or 16 causes the following
tests to fail:
test_dis test_email test_inspect test_nntplib test_packaging
test_plistlib test_pprint test_symtable test_trace
test_sys also fails, but this is a legitimate failure in sys.getsizeof()
Changing the collision resolution function from f(n) = 5n + 1 to
f(n) = n + 1 results in the same failures, except for test_packaging and
test_symtable which pass.
Finally, changing the seed in unicode_hash() from (implicit) 0 to an
arbitrary value (12345678) causes the above tests to fail plus:
test_json test_set test_ttk_textonly test_urllib test_urlparse
I think this is a real issue as the unicode_hash() function is likely to
change soon due to http://bugs.python.org/issue13703.
Should I:
1. Submit one big bug report?
2. Submit a bug report for each "failing" test separately?
3. Ignore it, since the tests only fail when I start messing about?
Cheers,
Mark.
The free Visual Studio 11 Express for Windows 8 (still in beta) will
produce both 32 and 64 bit binaries and allow multiple languages but
will only produce Metro apps. For desktop apps, either the paid Visual
Studio versions or the free 2010 Express releases are required.
https://www.microsoft.com/visualstudio/11/en-us/products/express
bottom of page.
Will this inhibit someday moving to Visual Studio 11 Professional or
would VS2010 Express or VC++2010 Express still work for hacking on
Python or making extensions that would work with any VS11-produced binary?
--
Terry Jan Reedy
Hi,
I see PEP 418 gives time.clock_info() two boolean fields named
"is_monotonic" and "is_adjusted". I think the "is_" is unnecessary and
a bit ugly, and they could just be renamed "monotonic" and "adjusted".
Thoughts?
--
Regards,
Benjamin
With 3.3a3 tagged and the beta stage currently 2 months away, I would like
to draw your attention to the following list of possible features for 3.3
as specified by PEP 398:
Candidate PEPs:
* PEP 362: Function Signature Object
* PEP 395: Qualified Names for Modules
* PEP 397: Python launcher for Windows
* PEP 402: Simplified Package Layout (likely a new PEP derived from it) --
I assume PEP 420 is a candidate for that?
* PEP 405: Python Virtual Environments
* PEP 421: Adding sys.implementation
* PEP 3143: Standard daemon process library
* PEP 3144: IP Address manipulation library
* PEP 3154: Pickle protocol version 4
Other planned large-scale changes:
* Addition of the "regex" module
* Email version 6
* A standard event-loop interface (PEP by Jim Fulton pending)
* Breaking out standard library and docs in separate repos?
Benjamin: I'd also like to know what will become of PEP 415.
If anyone feels strongly about one of these items, please get ready to
finalize and implement it well before June 23 (beta 1), or we have to
discuss about adding another alpha.
Also, if I missed any obvious candidate PEP or change, please let me know.
cheers,
Georg
When writing the docs for types.new_class(), I discovered that the
description of the class creation process in the language reference
was not only hard to follow, it was actually *incorrect* when it came
to describing the algorithm for determining the correct metaclass.
I rewrote the offending section of the language reference to both
describe the correct algorithm, and hopefully also to be easier to
read. Once people have had a chance to review the changes in the 3.3
docs, I'll backport the update to 3.2.
Previous docs: http://docs.python.org/py3k/reference/datamodel.html#customizing-class-crea…
Updated docs: http://docs.python.org/dev/reference/datamodel.html#customizing-class-creat…
Cheers,
Nick.
--
Nick Coghlan | ncoghlan(a)gmail.com | Brisbane, Australia
A brief status update on PEP 405 (built-in virtualenv) and the open issues:
1. As mentioned in the updated version of the language summit notes,
Nick Coghlan has agreed to pronounce on the PEP.
2. Ned Deily discovered at the PyCon sprints that the current reference
implementation does not work with an OS X framework build of Python.
We're still working to discover the reason for that and determine
possible fixes.
3. If anyone knows of a pair of packages in which both need to build
compiled extensions, and the compilation of the second depends on header
files from the first, that would be helpful to me in testing the other
open issue (installation of header files). (I thought numpy and scipy
might fit this bill, but I'm currently not able to install numpy at all
under Python 3 using pysetup, easy_install, or pip.)
Thanks,
Carl
Hello,
As per PEP 3108, we were supposed to merge profile/cProfile into one
unified module. I initially championed the change, but other things got in
the way and I have never got to the point of a useful patch. I posted some
code and outlined an approach how the merge could be done. However, there
still a lot of details to be worked out.
So I wondering whether we should abandon the change all together or attempt
it for the next release. Personally, I slightly leaning on the former
option since the two modules are actually fairly different underneath even
though they are used similarly. And also, because it is getting late to
make such backward incompatible changes.
I am willing to volunteer to push the change though if it is still desired
by the community.
Cheers!
http://bugs.python.org/issue2919
