[Python-Dev] Re: Capabilities

Ben Laurie ben@algroup.co.uk
Sat, 08 Mar 2003 18:09:46 +0000

Guido van Rossum wrote:
>>What I am trying to nail down is exactly what needs doing to get us
>>from where we are now to where capabilities actually work. As I
>>understand it, what is needed is:
>>a) Fix restricted execution, which is in a state of disrepair
> Yes.
>>b) Override import, open (and other stuff? what?)
> Don't worry about this; it's taken care of by the rexec module; each
> application will probably want to do this a little differently
> (certainly Zope has its own way).

I believe I heard way back that there was a lack of confidence rexec 
overrode everything that needed overriding - or am I getting mixed up 
with restricted execution?

>>c) Wrap or replace some of the existing libraries, certify that others 
>>are "safe"
> This should only be necessary for (core and 3rd party) extension
> modules.  The rexec module has a framework for this.
>>It looks to me like a and b are shared with proxies, and c would be 
>>different, by definition. Is there anything else? Am I on the wrong track?
> I don't know why you think (c) is different.

Because with proxies you'd wrap with proxies, and with capabilities 
you'd wrap with capabilities. Or do you think there's a way that would 
work for both (which would, of course, be great)?



http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff