[pypy-dev] Zope2-RPython implementation help wanted..

Chris Withers chris at simplistix.co.uk
Fri Jul 25 18:15:41 CEST 2008

Hi All,

Martijn Faassen wrote:
> I think it's an unlikely path to try to make pypy-sandbox, a special
> version of PyPy, work in a Zope 2 context right now.

I'm inclined to agree, but I'd avoid writing it off until the PyPy guys 
have agreed. I would be surprised if they can pull something out of 
their box of tricks here, we may just need to find the right way to 
phrase the problem ;-)

At the very least, we should be trying to find the "right" way for 
realms beyond Zope 2, which it sounds like both myself and Stefan are 

> I think there are two possible paths:
> * try to patch up RestrictedPython by closing any new Python 2.5
> related holes. This would require figuring out what these are.

This has been "the plan", it has, unfortunately, met pretty much 
universal derision from the PyPy guys and silence from Jim :-(

> * reimplement RestrictedPython using zope 3 security proxies

This is only half the problem, though...

> Zope 3 security proxies right now do the following:
> 1) control any attribute access/setting by asking a security policy
> whether it's allowed
> 2) if you call a method on a proxied object, the result will be proxied as well
> 3) if you pass something into a method on a proxied object, the thing
> passed as an argument will be proxied as well.
> I think to implement something like Restricted Python we would need 1
> (with a Zope 2 specific custom security policy) and 2, but not 3. 3
> causes proxies to start spreading through Zope 2 code 

Why would they cause havoc? They'd only result from stuff in a python 
script calling back into Zope, surely?

It's a shame we can't form a better "blood/brain barrier" that proxies 
on the way in and de-proxies on the way out...

> The hope of this strategy is that it's easier to maintain in the face
> of new Python versions than the current RestrictedPython approach.

Right, but there's still the language problems, of which importing is 
the most serious, but I'm sure there are more lurking there...
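
The proxy behaviours 1 and 2 from the quoted list, without 3, sketched as an added example that is not part of this thread and is not the zope.security code. All names (Checker, Proxy, Forbidden, wrap, CHECKERS, Document, Folder) are hypothetical, and the sample objects are constructed.

```python
# Added illustration: Checker, Proxy, Forbidden, wrap and the sample classes are
# hypothetical names, not the zope.security API. A pure-Python proxy shows the
# semantics only; object.__getattribute__(p, "_obj") still unwraps it.
class Forbidden(Exception):
    pass

class Checker:
    def __init__(self, readable=(), writable=()):
        self.readable, self.writable = set(readable), set(writable)
    def check(self, name, write=False):
        if name not in (self.writable if write else self.readable):
            raise Forbidden(name)

BASIC = (int, float, str, bytes, bool, type(None))  # immutable values pass bare

class Proxy:
    __slots__ = ("_obj", "_checker")
    def __init__(self, obj, checker):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_checker", checker)
    def __getattribute__(self, name):            # behaviour 1: policy on reads
        object.__getattribute__(self, "_checker").check(name)
        return wrap(getattr(object.__getattribute__(self, "_obj"), name))
    def __setattr__(self, name, value):          # behaviour 1: policy on writes
        object.__getattribute__(self, "_checker").check(name, write=True)
        setattr(object.__getattribute__(self, "_obj"), name, value)
    def __call__(self, *args, **kwargs):         # behaviour 2, deliberately not 3:
        target = object.__getattribute__(self, "_obj")
        return wrap(target(*args, **kwargs))     # args go in bare, result is wrapped

def wrap(value):
    if type(value) in BASIC:
        return value
    return Proxy(value, CHECKERS.get(type(value), Checker()))  # unknown type: deny all

class Document:                                  # constructed sample objects
    def __init__(self, title):
        self.title, self.secret = title, "s3cret"

class Folder:
    def __init__(self):
        self.items = {}
    def get(self, name):
        return self.items[name]
    def add(self, name, doc):                    # trusted code sees the bare argument
        self.items[name] = doc
        return type(doc).__name__

CHECKERS = {Document: Checker(readable={"title"}),
            Folder: Checker(readable={"get", "add"})}
```

With behaviour 3 in place, `Folder.add` would receive a `Proxy` instead of the bare `Document`, which is the spreading the quoted text refers to.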



