[Python-3000] Cross-interpreter FFI for Python 3000?

Alexander Schremmer 2006a at usenet.alexanderweb.de
Wed Aug 9 01:08:50 CEST 2006


On Tue, 8 Aug 2006 14:31:59 -0700, Guido van Rossum wrote:

> Isn't a problem with ctypes that such extensions can no longer
> guarantee "no segfaults"? 

How would you guarantee the "no segfaults" policy for every other bindings
involved?  In either case, auditing an extension written using ctypes or
rctypes is potentially simpler than looking at Pyrex or C code. (Think of
memory management, ref counting etc.)

> This pretty much completely rules them out for use in sandboxes such 
> as what Brett Cannon is currently working on.

Of course you will have severe problems if you allow somebody to do
unprotected calls to dynamic libraries.  But at least I am not sure if this
a problem of using CTypes ... it should be possible to e.g. flag the code
using CTypes classes to be in a different security class than the
user-sandboxed code. Building the barrier on the C level might be too
restrictive in real world applications.

> With hand-written extensions at least you can audit them to decide
> whether they are safe enough.

Please elaborate on that point - why isn't a ctypes extension
"hand-written"?

Kind regards,
Alexander



More information about the Python-3000 mailing list