[Python-Dev] new features for 2.3?

Guido van Rossum guido@python.org
Mon, 06 Jan 2003 21:46:09 -0500


> > There's very little code devoted specifically to security.
> > However, there's a feature called "restricted mode", and in
> > restricted mode, certain introspections are disallowed.
> > Restricted mode is on when a particular stack frame's __builtins__
> > dictionary isn't the default one (which is __builtin__.__dict__ --
> > note the difference between __builtin__, which is a module, and
> > __builtins__, which is a global with magic meaning).  Read the
> > source for PyFrame_New().
> 
> And while I am reading that piece of code, anything else I should
> take a look at?  I am tired of not being able to help out more at
> the C level but I don't know where to start to get a good, overall
> view of the codebase short of starting at the eval loop and just
> reading the code that it calls (as of right now I just want a good,
> deep understanding of how Python does internal object representation
> and how extension modules actually work; parser can wait for another
> day =).

For learning how things work, I recommend studying extension module
code rather than the implementation first; then you can follow leads
from the extension.  Or use gdb to step through the C code of an
extension doing something fairly simple.

> > It turns out that in 2.2 and beyond, not enough restrictions were
> > placed on disallowing new introspections that were enabled by
> > virtue of the class/type integration, and that's the cause of most
> > rexec vulnerabilities.
> 
> Is there any desire to bother to fix this?  Or would it be better to
> just rip this stuff out and hope some TrustedPython project pops up
> to take over rexec, Bastion, and such and do the work of making
> secure Python code?

I'd like the restricted mode even if it's not perfect, and I hope one
day it will work again.  It's mostly a matter of lack of brain cycles.

--Guido van Rossum (home page: http://www.python.org/~guido/)
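
Added example, not part of the original message or of CPython's source: a Python 3 sketch (restricted mode and rexec no longer exist there) of the frame check described above, and of why swapping `__builtins__` alone does not limit class/type introspection. The names `frame_is_restricted`, `run_with_builtins`, `_probe` and the sample source are hypothetical and constructed for illustration.

```python
import builtins
import sys

def frame_is_restricted(frame):
    # Rule described in the message: a frame is "restricted" when its
    # builtins dict is not the default one (builtins.__dict__ in Python 3).
    return frame.f_builtins is not builtins.__dict__

def _probe():
    # Reports on the frame that called it, i.e. the exec'd code below.
    return frame_is_restricted(sys._getframe(1))

def run_with_builtins(source, allowed):
    # Assumed helper: run source with only the names in `allowed` as builtins.
    env = {"__builtins__": dict(allowed)}
    exec(source, env)
    return env

# Constructed sample standing in for untrusted code.
SAMPLE = '''
restricted = probe()
open_blocked = False
try:
    open
except NameError:
    open_blocked = True
# Attribute access on a literal needs no builtin name at all, so
# class/type introspection still walks up to the root type.
root = ().__class__.__mro__[-1]
reachable = len(root.__subclasses__())
'''

def demo():
    allowed = {"probe": _probe, "NameError": NameError, "len": len}
    env = run_with_builtins(SAMPLE, allowed)
    return {
        "host_restricted": frame_is_restricted(sys._getframe()),
        "guest_restricted": env["restricted"],
        "open_blocked": env["open_blocked"],
        "root_is_object": env["root"] is object,
        "reachable_types": env["reachable"],
    }

if __name__ == "__main__":
    print(demo())
```

The guest frame is flagged as restricted and cannot name `open`, yet it still enumerates every subclass of `object`, which is the gap the message attributes to class/type integration.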