[ python-Bugs-1546203 ] bcannon secure branch issues
SourceForge.net
noreply at sourceforge.net
Thu Aug 24 22:57:07 CEST 2006
Bugs item #1546203, was opened at 2006-08-24 12:30
Message generated for change (Comment added) made by bcannon
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1546203&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: 3rd Party
>Status: Closed
>Resolution: Invalid
Priority: 5
Submitted By: Jim Jewett (jimjjewett)
Assigned to: Brett Cannon (bcannon)
Summary: bcannon secure branch issues
Initial Comment:
Referring to http://svn.python.org/view/python/
branches/bcannon-sandboxing/
securing_python.txt?view=markup but there doesn't seem
to be a group/category for feedback on branches.
The sys module should *not* be shared between
interpreters, even though it is an extension module.
(If need be, each sys module can be a proxy that
itself imports from the "real" sys.) sys should
probably also be filled explicitly on creation, like
builtins. (And the same for os, os.path?)
Note that this will affect which sys.attributes should
be available (perhaps read-only) or hidden by default -
- and that should really only be by default.
For specific examples:
+ some programs modify sys.argv to communicated
between modules. So long as the initial value of
sys.argv is set to something sufficiently discreet,
there should be no problem letting them continue to do
so.
+ The current draft hides sys.subversion (revealing
unpatched bugs?) but shows sys.version (which reveals
the same information, at a coarser grain).
+ getdefaultencoding may compromise privacy
information, particularly for smaller languages.
----------------------------------------------------------------------
>Comment By: Brett Cannon (bcannon)
Date: 2006-08-24 13:57
Message:
Logged In: YES
user_id=357491
The 'sys' module won' be shared since it is unique per
interpreter at the C level.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=1546203&group_id=5470
More information about the Python-bugs-list
mailing list