This looks very interesting. What I like about Tav's approach is that it should also be directly applicable to Jython. Much like Jython in general, there's a tight correspondence between typeobject.c/PyType.java and genobject.c/PyGenerator.java. So we plan on trying out a similar, presumably small patch too.

What will be very helpful here is identifying a set of tests that verify these claims of restricted execution.

- Jim

On Mon, Feb 23, 2009 at 4:03 PM, tav <tav@espians.com> wrote:
Hey Martin,

>> The patch is a mere 6 lines of code and provides the absolute minimum
>> that is needed to secure the Python interpreter!
>
> Unlike Guido, I'm not quite willing to your word for it.

You are right. Sorry, I was a bit too enthusiastic and overstated the case.

How about: "it could possibly enable a secured Python interpreter" ?

> OTOH, the patch looks harmless (with minor corrections). It could
> be considered a bug fix for the current set of restricted attributes

Yes, and it is in that light that I would like the patch to be accepted.

--
love, tav

plex:espians/tav | tav@espians.com | +44 (0) 7809 569 369
http://tav.espians.com | http://twitter.com/tav | skype:tavespian
_______________________________________________



--
Jim Baker
jbaker@zyasoft.com