[Python-Dev] new features for 2.3?

Brett Cannon bac@OCF.Berkeley.EDU
Mon, 6 Jan 2003 18:26:29 -0800 (PST)


[Guido van Rossum]

> > I have always wondered, why do both ``cPickle`` (which uses camel-style
> > naming which I thought was a no-no)  and ``Pickle`` exist?  They do exactly
> > the same thing (in theory).
>
> pickle.py is the specification of the protocol; cPickle.c is a
> reimplementation that's up to 1000x faster.  I always prototype new
> features in pickle.py.
>

Ah, OK.  Makes sense.  Thanks for the clarification.

> > Is there any other place where security has been built into
> > something?  Sounds like we should do a security inaudit (is that a
> > word?) and rip out pretty much all security code.
>
> There's very little code devoted specifically to security.  However,
> there's a feature called "restricted mode", and in restricted mode,
> certain introspections are disallowed.  Restricted mode is on when a
> particular stack frame's __builtins__ dictionary isn't the default one
> (which is __builtin__.__dict__ -- note the difference between
> __builtin__, which is a module, and __builtins__, which is a global
> with magic meaning).  Read the source for PyFrame_New().
>

And while I am reading that piece of code, anything else I should take a
look at?  I am tired of not being able to help out more at the C level but
I don't know where to start to get a good, overall view of the codebase
short of starting at the eval loop and just reading the code that it calls
(as of right now I just want a good, deep understanding of how Python does
internal object representation and how extension modules actually work;
parser can wait for another day  =).

> It turns out that in 2.2 and beyond, not enough restrictions were
> placed on disallowing new introspections that were enabled by virtue
> of the class/type integration, and that's the cause of most rexec
> vulnerabilities.
>

Is there any desire to bother to fix this?  Or would it be better to just
rip this stuff out and hope some TrustedPython project pops up to take
over rexec, Bastion, and such and do the work of making secure Python
code?

-Brett
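
Added example, not part of the original message and not CPython's own code: a Python 3 sketch of the frame check described in the quoted text, plus a look at why swapping out __builtins__ does not gate introspection that goes through an object's class. Python 3 has no restricted mode and names the module `builtins` rather than `__builtin__`; the helper names (frame_is_restricted, probe, run, name_available) and the identity comparison are assumptions made for this illustration.

```python
import builtins
import sys


def frame_is_restricted(frame):
    """A frame counts as restricted here when its builtins dictionary is
    not the default one (assumption: compared by identity)."""
    return frame.f_builtins is not builtins.__dict__


def probe():
    """Injected into the code under test; reports on the calling frame."""
    return frame_is_restricted(sys._getframe(1))


def run(source, custom_builtins=None):
    """Execute source and return the value it binds to 'result'.

    With custom_builtins set, the code gets its own __builtins__ global,
    the "global with magic meaning" from the quoted explanation.
    """
    env = {"probe": probe}
    if custom_builtins is not None:
        env["__builtins__"] = custom_builtins
    exec(source, env)
    return env["result"]


def name_available(name, custom_builtins):
    """True if a bare name resolves under the given builtins dictionary."""
    try:
        run("result = " + name, custom_builtins)
        return True
    except NameError:
        return False


if __name__ == "__main__":
    print("default builtins  ->", run("result = probe()"))
    print("empty builtins    ->", run("result = probe()", {}))
    # A copy with identical contents is still "not the default one".
    print("copied builtins   ->", run("result = probe()", dict(vars(builtins))))
    # The name 'type' is gone, yet the class is one attribute lookup away:
    print("'type' resolvable ->", name_available("type", {}))
    print("().__class__      ->", run("result = ().__class__.__name__", {}))
```

The last two lines show the gap: removing names from __builtins__ only affects name lookup, so any check meant to limit introspection has to sit on the attribute access itself.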