[Python-checkins] r51892 - python/branches/bcannon-objcap/securing_python.txt

brett.cannon python-checkins at python.org
Fri Sep 15 20:49:42 CEST 2006


Author: brett.cannon
Date: Fri Sep 15 20:49:41 2006
New Revision: 51892

Modified:
   python/branches/bcannon-objcap/securing_python.txt
Log:
Add notes about issue with setting built-ins to a new dict and another
possible place __del__ could be a problem.


Modified: python/branches/bcannon-objcap/securing_python.txt
==============================================================================
--- python/branches/bcannon-objcap/securing_python.txt	(original)
+++ python/branches/bcannon-objcap/securing_python.txt	Fri Sep 15 20:49:41 2006
@@ -43,9 +43,13 @@
       interrupt_main() not per-interpreter, and stack_size() can be
       dangerous)
 + Create sandboxed interpreter stdlib module <critical>
-    - Be able to specify built-ins [done]
-    - Set 'sys' module settings [done]
-    - Set 'sys.modules' [done]
+    - Be able to specify built-ins
+        * XXX frames cache built-ins, so setting to a new dict does
+          not get propagated; need to either change ability to assign
+          to built-ins or add functions that allow to set and delete
+          keys individually.
+    - Set 'sys' module settings
+    - Set 'sys.modules'
     - API
         * Python
         * C
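Review bot: The `[done]` marker is dropped from "Set 'sys' module settings" and "Set 'sys.modules'" as well as from "Be able to specify built-ins", but the new XXX note and the log message only explain why the built-ins item is reopened. If the frame caching of built-ins is the sole reason, keep `[done]` on the two `sys` items; if they are reopened too, add an XXX line under each saying what is still missing. The note itself would also be easier to act on if it named which of the two options is preferred (changing the ability to assign to built-ins, or adding functions to set and delete keys individually), since the choice shapes the API listed just below it. Minor wording: "allow to set and delete keys" reads better as "allow setting and deleting keys".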
@@ -598,6 +602,9 @@
 
 * ``__del__`` created in sandboxed interpreter but object is cleaned
   up in unprotected interpreter.
+  - XXX Watch out for objects being set in __builtin__.__dict__ and
+    thus not cleaned up until the interpreter object is deleted and
+    thus possibly executed in the creator's environment!
 * Using frames to walk the frame stack back to another interpreter.
 * XXX A generator's execution frame?
 
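Review bot: The added sub-bullet under the ``__del__`` item records the hazard but no planned handling, and it says "the creator's environment" where the parent bullet says "unprotected interpreter"; use one term so it is clear both describe the same trust boundary. Since this concerns objects stored in `__builtin__.__dict__` outliving the sandboxed code until the interpreter object is deleted, it is worth cross-referencing the "Be able to specify built-ins" item from the earlier hunk, because the decision there on how built-ins are assigned also decides who holds references to these objects at teardown. For consistency with the parent bullet's markup, write ``__builtin__.__dict__`` with double backticks.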