Re: [Python-Dev] Reviving restricted mode?
At 07:56 PM 2/22/2009 -0800, Guido van Rossum wrote:
> On Sun, Feb 22, 2009 at 7:39 PM, P.J. Eby <pje@telecommunity.com> wrote:
>> Just a question, but, if you just need a pure-python restricted environment for App Engine, why not just use the RestrictedPython package (i.e., http://pypi.python.org/pypi/RestrictedPython )?
>
> How does that work? Remember, app engine doesn't support certain things, and bytecode manipulations (if that's what RestrictedPython does) are one of the unsupported things.

It doesn't modify bytecode, it modifies an AST. It basically replaces prints, and attribute/item read/writes with function calls. Unfortunately, it does this AST modification by running as a traversal against the stdlib compiler package's AST, not a modern AST. So, I suppose it might not be usable as-is on app engine. It does, however, have the advantage of having been used in Zope for oh, six or seven years now? ISTM that it first came out around the same time as Python 2.3, and the latest version just dropped support for Python 2.1 and 2.2. So, if you want something that wasn't thrown together in an afternoon, it might be a good thing to take a look at. ;-)

> The other reason I can think of is that Tav is a capabilities purist. :-)

You can implement capabilities on top of RestrictedPython; it's simply a policy-neutral enforcement framework.

On Sun, Feb 22, 2009 at 8:14 PM, P.J. Eby <pje@telecommunity.com> wrote:
> At 07:56 PM 2/22/2009 -0800, Guido van Rossum wrote:
>> On Sun, Feb 22, 2009 at 7:39 PM, P.J. Eby <pje@telecommunity.com> wrote:
>>> Just a question, but, if you just need a pure-python restricted environment for App Engine, why not just use the RestrictedPython package (i.e., http://pypi.python.org/pypi/RestrictedPython )?
>>
>> How does that work? Remember, app engine doesn't support certain things, and bytecode manipulations (if that's what RestrictedPython does) are one of the unsupported things.
>
> It doesn't modify bytecode, it modifies an AST. It basically replaces prints, and attribute/item read/writes with function calls.

If it rewrites *every* attribute read/write with a function call that can get really expensive. Are you saying it also replaces getitem/setitem? Even worse.

> Unfortunately, it does this AST modification by running as a traversal against the stdlib compiler package's AST, not a modern AST. So, I suppose it might not be usable as-is on app engine.

Actually, its essential components are easily retrieved through a hack (Google for it ;-). If I weren't so busy I would have made it importable a long time ago.

> It does, however, have the advantage of having been used in Zope for oh, six or seven years now? ISTM that it first came out around the same time as Python 2.3, and the latest version just dropped support for Python 2.1 and 2.2. So, if you want something that wasn't thrown together in an afternoon, it might be a good thing to take a look at. ;-)
>
>> The other reason I can think of is that Tav is a capabilities purist. :-)
>
> You can implement capabilities on top of RestrictedPython; it's simply a policy-neutral enforcement framework.

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)
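
The rewriting discussed in this thread (attribute and item reads turned into function calls, with the policy supplied separately), sketched with the modern `ast` module. This is an added example, not RestrictedPython's code and not part of the original messages. The guard names `_getattr_` and `_getitem_`, the helper names and the underscore-denying policy are choices made for this sketch, which assumes Python 3.9+ and handles reads only.

```python
import ast

class GuardTransformer(ast.NodeTransformer):
    """Rewrite attribute/item reads into calls to caller-supplied guards (Python 3.9+)."""

    def _guard(self, node, guard_name, args):
        if not isinstance(node.ctx, ast.Load):
            raise SyntaxError("writes and deletes are out of scope for this sketch")
        call = ast.Call(func=ast.Name(id=guard_name, ctx=ast.Load()),
                        args=args, keywords=[])
        return ast.copy_location(call, node)

    def visit_Name(self, node):
        # Underscore names are reserved for the guards themselves.
        if node.id.startswith("_"):
            raise SyntaxError(f"name {node.id!r} is reserved")
        return node

    def visit_Attribute(self, node):
        self.generic_visit(node)  # rewrite inner expressions first
        # obj.name -> _getattr_(obj, 'name')
        return self._guard(node, "_getattr_", [node.value, ast.Constant(node.attr)])

    def visit_Subscript(self, node):
        self.generic_visit(node)
        if isinstance(node.slice, ast.Slice):
            raise SyntaxError("slices are out of scope for this sketch")
        # obj[key] -> _getitem_(obj, key)
        return self._guard(node, "_getitem_", [node.value, node.slice])

def rewrite(source):
    """Return the guarded AST for untrusted source."""
    tree = GuardTransformer().visit(ast.parse(source))
    return ast.fix_missing_locations(tree)

def guarded_getattr(obj, name):
    # Sample policy (an assumption): deny underscore-prefixed attributes.
    if name.startswith("_"):
        raise AttributeError(f"access to {name!r} denied")
    return getattr(obj, name)

def run_guarded(source, getattr_guard=guarded_getattr):
    """Execute rewritten source with only the guards visible; return its globals."""
    env = {"__builtins__": {}, "_getattr_": getattr_guard,
           "_getitem_": lambda obj, key: obj[key]}
    exec(compile(rewrite(source), "<guarded>", "exec"), env)
    return env

if __name__ == "__main__":
    print(ast.unparse(rewrite("r = a.b[c].d")))
    print(run_guarded("r = 'abc'.upper()")["r"])
```

The unparsed output makes the cost raised in the reply visible: each dot and each subscript in the source becomes one extra Python-level call. Passing a different `getattr_guard` changes the policy without touching the rewriter.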