[Python-Dev] Capabilities in Python

Ben Laurie ben@algroup.co.uk
Mon, 03 Mar 2003 17:56:20 +0000

Guido van Rossum wrote:
>>I'm told that proxies actually rely on rexec, too. So, I guess whichever 
>>approach you take, you need rexec.
> Yes and no.  It's unclear what *you* mean when you say "rexec".  There
> is a standard module by that name that employs Python's support for
> tighter security and sets up an entire restricted execution
> environment.  And then there's the underlying facilities in Python,
> which allow you to override __import__ and all other built-ins; this
> facility is often called "restricted execution."  Zope security
> proxies rely on the latter facilities, but not on the rexec module.
> I suggest that in order to avoid confusion, you should use "restricted
> execution" when that's what you mean, and use "rexec" only to refer to
> the standard module by that name.

OK, I mean restricted execution.

>>The problem is that although you can think about proxies as being like a 
>>segmented architecture, you have to enforce that segmentation. And that 
>>means doing so throughout the interpreter, doesn't it? I suppose it 
>>might be possible to abstract things in some way to make that less 
>>widespread, but probably not without having an adverse impact on speed.
> The built-in restricted execution facilities indeed do distinguish
> between two security domains: restricted and unrestricted.  In
> restricted mode, certain introspection APIs are disallowed.
> Restricted execution is enabled as soon as a particular global scope's
> __builtins__ is not the standard __builtins__, which is by definition
> the __dict__ of the __builtin__ module (note __builtin__, which is a
> module, vs. __builtins__, which is a global).

Oh, I understand that, but the complaint was that it is spread all over 
the interpreter. One of the nice thing about hardware enforced 
segmentation is that you have a high assurance that it really is segemented.



http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff