[pypy-dev] Security ideas
faassen at infrae.com
Fri May 26 16:26:19 CEST 2006
Armin Rigo wrote:
> Hi all,
>
> On Monday I was at an inspiring seminar about (a specific form of)
> language-level security. I've collected the PyPy-ification of these
> ideas there:
>
> Although the focus is different, it makes me think that we could also
> use similar ideas to implement a form of 'rexec' (restricted execution),
> with functions compiled by secure() as in the draft above, but running
> at a privilege level which is lower than the default ambient level
> instead of higher.

As a general note it might be useful to talk to Jim Fulton for
real-world experience concerning language-level security in Python. I'll
cc him so he at least is aware of your security ideas document.

In Zope 2, there is a precompiler for untrusted Python code, offering,
as far as I understand, true language-level security.

In Zope 3 this approach has been dropped as hard to maintain and
replaced with object level security (attribute access is controlled with
a permission system).