[Python-Dev] Re: Capabilities - published interfaces
Luke Kenneth Casson Leighton
lkcl at lkcl.net
Sat Dec 20 10:30:22 EST 2003
On Sat, Dec 20, 2003 at 10:16:29AM -0500, Aahz wrote:
> > as python moves into a more mainstream acceptance, it becomes more
> > of an issue to let the kiddies bash themselves with rubber hammers.
>
> That's an assertion. I think to a certain extent you'll need to prove
> your assertion.
'm a bit worried that such proofs would involve painting
large metal hammers and covering them in plastic to make them
look less real.
the resultant cracked skills could possibly land someone in jail.
> Supposedly there's a middle ground of untrusted but non-hostile code,
> but what's the point of providing support for that?
the example that i gave that was because i wanted to offer a subset
of python functionality to end-users such that they could run
DNS lookups, pings, check a web page existed, telnet to a box,
run commands and check the output.
so it's running a user's python code on a server where there is a
networked host being analysed by the user.
what i _didn't_ want to happen was for that user to run code on
the server that could damage the server and interfere with the
100 or so _other_ programs running to analyse 100 _other_ hosts.
the whole point of using python was to avoid having to write an new
programming language.
what i came up with was very very useful.
to some extent, i didn't care about things like __class__ because
1) the users weren't that bright.
2) the user's weren't that hostile.
rexec fitted the requirements perfectly - and it still does: it's
just been disabled and also changed into something that stops even
the library functions from writing to log files.
i couldn't even use the MySQLdb module which was kinda critical to
the database-driven backend.
l.
More information about the Python-Dev
mailing list