[pypy-dev] Re: Mixed modules for both PyPy and CPython

VanL "news-8a9e0fd91190ca" at northportal.net
Wed Apr 12 20:43:57 CEST 2006


There is one other issue which may be relevant: restricted python. 
Restricted python implementations recently showed up on the py3k list as 
a wishlist item - and they are wanted even for python 2.X.

I thought that pypy might be the answer to these restricted python 
wishes.  Implementation would be as follows:

For all allowed functionality, create a compilable pypy extension to 
handle it.

For restricted functionality, delegate to a CPyObjectSpace which could 
allow/disallow or modify the operation.

What makes this work where CPy couldn't is the ability to use two 
different cooperating object spaces to evaluate an expression.  CPy 
doesn't have the object space abstraction which would allow this sort of 

Another benefit is that different restricted interpreters could be 
created, each with a different set of allowed and disallowed operations.

In summary:

(compile a restricted PyPy - rpy - as a CPy extension here)
 >>> import rpy
 >>> def filehandler(fname, mode):
...     if fname in ['allowed1.txt', 'allowed2.txt']:
...         return open(fname, mode)
...     else:
...         raise rpy.Restricted('File access not permitted')
 >>> interp = rpy.new() # restrictions were defined at compile time
 >>> # Add a callback for some restricted functionality
 >>> interp.add_handler('file', filehandler)
 >>> interp.interact()
 >>>> # Now in rpy
 >>>> 2 + 3 # Allowed operation, didn't hit any restrictions
 >>>> open('allowed1.txt', 'r') # allowed by handler
<Restricted File 'allowed1.txt' at 0x23891910>
 >>>> open('disallowed.txt', 'r') # disallowed by handler
Traceback (most recent call last):
   File "<interp_stdin>", line 1, in ?
__main__.__interp__.Restricted: File access not permitted

Would either of these approaches lend itself better to this sort of 
restricted execution idea?


More information about the Pypy-dev mailing list