[pypy-dev] Security ideas

Martijn Faassen faassen at infrae.com
Fri May 26 16:26:19 CEST 2006

Armin Rigo wrote:
> Hi all,
> On Monday I was at an inspiring seminar about (a specific form of)
> language-level security.  I've collected the PyPy-ification of these
> ideas there:
> http://codespeak.net/svn/pypy/dist/pypy/doc/discussion/security-ideas.txt
> Although the focus is different, it makes me think that we could also
> use similar ideas to implement a form of 'rexec' (restricted execution),
> with functions compiled by secure() as in the draft above, but running
> at a privilege level which is lower than the default ambient level
> instead of higher.

As a general note it might be useful to talk to Jim Fulton for 
real-world experience concerning language-level security in Python. I'll 
cc him so he at least is aware of your security ideas document.

In Zope 2, there is a precompiler for untrusted Python code, offering, 
as far as I understand, true language-level security.

In Zope 3 this approach has been dropped as hard to maintain and 
replaced with object-level security (attribute access is controlled with 
a permission system).



