[Python-Dev] Re: Capabilities - published interfaces

Luke Kenneth Casson Leighton lkcl at lkcl.net
Sat Dec 20 10:30:22 EST 2003


On Sat, Dec 20, 2003 at 10:16:29AM -0500, Aahz wrote:

> >  as python moves into a more mainstream acceptance, it becomes more
> >  of an issue to let the kiddies bash themselves with rubber hammers.
> 
> That's an assertion.  I think to a certain extent you'll need to prove
> your assertion.
 
  'm a bit worried that such proofs would involve painting
  large metal hammers and covering them in plastic to make them
  look less real.

  the resultant cracked skills could possibly land someone in jail.

> Supposedly there's a middle ground of untrusted but non-hostile code,
> but what's the point of providing support for that?

 the example that i gave that was because i wanted to offer a subset
 of python functionality to end-users such that they could run
 DNS lookups, pings, check a web page existed, telnet to a box,
 run commands and check the output.

 so it's running a user's python code on a server where there is a
 networked host being analysed by the user.

 what i _didn't_ want to happen was for that user to run code on
 the server that could damage the server and interfere with the
 100 or so _other_ programs running to analyse 100 _other_ hosts.

 the whole point of using python was to avoid having to write an new
 programming language.

 what i came up with was very very useful.

 to some extent, i didn't care about things like __class__ because
 1) the users weren't that bright.
 2) the user's weren't that hostile.


 rexec fitted the requirements perfectly - and it still does: it's
 just been disabled and also changed into something that stops even
 the library functions from writing to log files.
 i couldn't even use the MySQLdb module which was kinda critical to
 the database-driven backend.

 l.



More information about the Python-Dev mailing list