On 12:37 am, brett@python.org wrote:

>For security reasons I might be asking for file's constructor to be
>removed from the type for Python source code at some point (it can be
>relocated to an extension module if desired).  By forcing people to go
>through open() to create a file object you can more easily control
>read/write access to the file system (assuming the proper importation
>of extension modules has been blocked).  Not removing the constructor
>allows any code that has been explicitly given a file object but not
>open() to just get the class and call the constructor to open a new
>file.

This is a general problem with type access.  Secure versions of any type should not allow access to the type period.  It is hardly unique to files, and is not limited to constructors either.  How do you, e.g., allow a restricted piece of code write access to only a specified area of the filesystem?

More importantly, given the random behavior that open() will be growing (opening sockets?  dynamic dispatch on URL scheme???) file() will likely remain a popular way to be sure you are accessing the filesystem.