[pypy-dev] Zope2-RPython implementation help wanted..
chris at simplistix.co.uk
Fri Jul 25 18:15:41 CEST 2008
Martijn Faassen wrote:
> I think it's unlikely path to try to make pypy-sandbox, a special
> version of PyPy, work in a Zope 2 context right now.
I'm inclined to agree, but I'd avoid writing it off until the PyPy guys
have agreed. I would be surprised if they can pull something out of
their box of tricks here, we may just need to find the right way to
phrase the problem ;-)
At the very least, we should be trying to find the "right" way for
realms beyond Zope 2, which it sounds like both myself and Stefan are
> I think there are two possible paths:
> * try to patch up RestrictedPython by closing any new Python 2.5
> related holes. This would require figuring out what these are.
This has been "the plan", it has, unfortunately, met prettymuch
universal derision from the PyPy guys and silence from Jim :-(
> * reimplement RestrictedPython using zope 3 security proxies
This is only half the problem, though...
> Zope 3 security proxies right now do the following:
> 1) control any attribute access/setting by asking a security policy
> whether it's allowed
> 2) if you call a method on a proxied object, the result will be proxied as well
> 3) if you pass something into a method on a proxied object, the thing
> passed as an argument will be proxied as well.
> I think to implement something like Restricted Python we would need 1
> (with a Zope 2 specific custom security policy) and 2, but not 3. 3
> causes proxies to start spreading through Zope 2 code
Why would they cause havoc? They'd only result from stuff in a python
script calling back into Zope, surely?
It's a shame we can't form a better "blood/brain barrier" that proxies
on the way in and de-proxies on the way out...
> The hope of this strategy is that it's easier to maintain in the face
> of new Python versions than the current RestrictedPython approach.
Right, but there's still the language problems, of which importing is
the most serious, but I'm sure there are more lurking there...
Simplistix - Content Management, Zope & Python Consulting
More information about the Pypy-dev