[Python-Dev] Capabilities in Python
Mon, 10 Mar 2003 06:41:19 -0500
Guido van Rossum wrote:
>>You don't need restricted execution to make proxies work.
> Um, I think that's a dangerous mistake, or a confusion in terminology.
All I'm saying is that the proxy mechanism itself doesn't rely on
> Without restricted execution, untrusted code would have access to
> sys.modules, and from there it would be able to access
All we need to be able to do is control imports. It turns out that
to prevent access to sys.modules, we have to replace __builtins__,
which has the side-effect of enabling restricted execution. You
don't need anything but the ability to restrict imports and other
unproxied access to sys.modules to use proxies.
Jim Fulton mailto:firstname.lastname@example.org Python Powered!
CTO (888) 344-4332 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org