[Python-Dev] Re: Whither rexec?

[Guido van Rossum]

[MAL]
> >>If you only want to secure a few objects, then mxProxy can
> >>help you with this: it allows access management at C level
> >>on a per-method basis and also via callbacks...
> >>
> >>	http://www.egenix.com/files/python/mxProxy.html

> Guido van Rossum wrote:
> > Zope3 has a similar proxy feature.  But I think that the safety of
> > proxies still relies on there not being backdoors, and the new-style
> > class code has added too many of those.

[MAL]
> mxProxy stores a reference to the object in a C Proxy object
> and then manages access to this object through the Proxy methods
> and attributes. Provided that no other reference to the wrapped
> Python object exist in the interpreter, the only way to get at
> the object is via hacking the C code, ie. by using a special
> extension which knows how to extract the C pointer to the object
> from the Proxy object.

Yes, this is exactly what Zope3 does (apart from details).  The
*provided* clause is the scheme's weakness, of course -- it's not
always possible to have no unproxied references to an object.  At
least, in Zope it's not possible, because proxies can't be pickled,
and we use this for persistent objects, so the unproxied objects are
also held somewhere (if only temporarily).

> Now, the Proxy object knows that e.g. bound methods of the
> object contain a reference to the object itself and rewraps the
> method in a way which hides the pointer to self.

Zope3 proxies do this too.

> I don't know whether the new class code has added more backdoors of
> this kind. If so, I'd appreciate some details or references, so that
> I can add support for these to mxProxy as well.

The point of this thread is that at this point nobody knows about all
the backdoors that might exist.

--Guido van Rossum (home page: http://www.python.org/~guido/)