[Python-Dev] Capabilities in Python

Jim Fulton jim@zope.com
Mon, 10 Mar 2003 06:31:16 -0500

Guido van Rossum wrote:
> [Jim]
>>You don't need restricted execution to make proxies work.
> Um, I think that's a dangerous mistake, or a confusion in terminology.

All I'm saying is that the proxy mechanism itself doesn't rely on
restricted execution.

> Without restricted execution, untrusted code would have access to
> sys.modules, and from there it would be able to access
> removeAllProxies.

All we need to be able to do is control imports.  It turns out that
to prevent access to sys.modules, we have to replace __builtins__,
which has the side-effect of enabling restricted execution. You
don't need anything but the ability to restrict imports and other
unproxied access to sys.modules to use proxies.


Jim Fulton           mailto:jim@zope.com       Python Powered!
CTO                  (888) 344-4332            http://www.python.org
Zope Corporation     http://www.zope.com       http://www.zope.org
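An added example, not code from this thread or from Zope, modelling the point above in modern Python: the proxy works on its own, while what keeps untrusted code away from `removeAllProxies` is control over `__import__` (so no `import sys`, hence no walk of `sys.modules`). `Proxy`, `SampleAccount`, `run_untrusted` and the allow-list of importable modules are all constructed for the illustration.

```python
import builtins
_WRAPPED, _ALLOWED = "_Proxy__wrapped", "_Proxy__allowed"

class Proxy:
    """Forward only allow-listed attribute names to the wrapped object."""
    def __init__(self, obj, allowed):
        object.__setattr__(self, _WRAPPED, obj)
        object.__setattr__(self, _ALLOWED, frozenset(allowed))
    def __getattr__(self, name):
        if name in object.__getattribute__(self, _ALLOWED):
            return getattr(object.__getattribute__(self, _WRAPPED), name)
        raise AttributeError(f"access to {name!r} denied by proxy")

def removeAllProxies(obj):
    """Trusted-only helper (the name from the thread): strip every proxy layer."""
    while isinstance(obj, Proxy):
        obj = object.__getattribute__(obj, _WRAPPED)
    return obj

def make_safe_builtins(allowed_modules):
    """Replacement __builtins__ whose __import__ admits only allow-listed modules,
    so untrusted code cannot reach sys.modules (and removeAllProxies through it)."""
    def guarded_import(name, *args, **kwargs):
        if name.partition(".")[0] not in allowed_modules:
            raise ImportError(f"import of {name!r} is not permitted")
        return builtins.__import__(name, *args, **kwargs)
    return {"__import__": guarded_import, "getattr": getattr,
            "AttributeError": AttributeError, "ImportError": ImportError}

def run_untrusted(source, namespace, allowed_modules=("math",)):
    """Execute untrusted source under the guarded builtins; return its `result`."""
    ns = {"__builtins__": make_safe_builtins(allowed_modules), **namespace}
    exec(source, ns)
    return ns.get("result")

class SampleAccount: balance, secret = 100, "s3cret"  # constructed sample object

def demo():
    """Allow-listed read and import succeed; other reads and `import sys` fail."""
    acct = Proxy(SampleAccount(), allowed={"balance"})
    out = {"balance": run_untrusted("result = acct.balance", {"acct": acct}),
           "math": run_untrusted("import math\nresult = math.sqrt(16)", {})}
    for key, src in (("secret", "result = acct.secret"), ("sys", "import sys")):
        try:
            run_untrusted(src, {"acct": acct})
        except (AttributeError, ImportError) as exc:
            out[key] = type(exc).__name__
    out["trusted"] = removeAllProxies(acct).secret  # trusted code, proxy-free
    return out
```

Replacing `__builtins__` in current CPython no longer switches on a restricted-execution mode, so this controls only the import path the message talks about and is not a sandbox on its own.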