[Python-checkins] r52331 - python/branches/bcannon-objcap/securing_python.txt
brett.cannon
python-checkins at python.org
Sat Oct 14 20:46:32 CEST 2006
Author: brett.cannon
Date: Sat Oct 14 20:46:32 2006
New Revision: 52331
Modified:
python/branches/bcannon-objcap/securing_python.txt
Log:
Add comment about something to watch out for when new import lands and
inheriting abilities for the sys data dict is dealt with.
Modified: python/branches/bcannon-objcap/securing_python.txt
==============================================================================
--- python/branches/bcannon-objcap/securing_python.txt (original)
+++ python/branches/bcannon-objcap/securing_python.txt Sat Oct 14 20:46:32 2006
@@ -27,6 +27,12 @@
- open()
- __import__() / PEP 302 importer (`Imports`_) <critical>
* Make sure importing built-in modules can be blocked.
+ * Make sure that no abilities are exposed by importers since
+ they will be accessible from inheritance through sys data
+ dict for any created interpreters.
+ + Do not inject full sys module.
+ + Most likely will need to wrap built-in importer so as to
+ be able to effectively block access to sys.
- execfile()
* Force to go through open()
+ Prevents opening unauthorized files.
More information about the Python-checkins
mailing list