[Python-checkins] r52331 - python/branches/bcannon-objcap/securing_python.txt

brett.cannon python-checkins at python.org
Sat Oct 14 20:46:32 CEST 2006


Author: brett.cannon
Date: Sat Oct 14 20:46:32 2006
New Revision: 52331

Modified:
   python/branches/bcannon-objcap/securing_python.txt
Log:
Add comment about something to watch out for when new import lands and
inheriting abilities for the sys data dict is dealt with.


Modified: python/branches/bcannon-objcap/securing_python.txt
==============================================================================
--- python/branches/bcannon-objcap/securing_python.txt	(original)
+++ python/branches/bcannon-objcap/securing_python.txt	Sat Oct 14 20:46:32 2006
@@ -27,6 +27,12 @@
     - open()
     - __import__() / PEP 302 importer (`Imports`_) <critical>
         * Make sure importing built-in modules can be blocked.
+        * Make sure that no abilities are exposed by importers since
+          they will be accessible from inheritance through sys data
+          dict for any created interpreters.
+            + Do not inject full sys module.
+            + Most likely will need to wrap built-in importer so as to
+              be able to effectively block access to sys.
     - execfile()
         * Force to go through open()
             + Prevents opening unauthorized files.
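Review bot: The added bullet "Make sure that no abilities are exposed by importers" does not say which entries of the sys data dict carry importer objects into a created interpreter, so a reader cannot tell what has to be audited. Suggest naming those entries in the bullet. Under "Do not inject full sys module", state what reduced view of sys is injected instead. The "Most likely will need to wrap built-in importer" item reads as an open question sitting under a parent line tagged <critical>. Mark it as undecided, or give the condition that decides it, so it is not taken for a settled design item.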

