[Python-Dev] Capabilities in Python
Jim Fulton
jim@zope.com
Mon, 10 Mar 2003 06:41:19 -0500
Guido van Rossum wrote:
> [Jim]
>
>>You don't need restricted execution to make proxies work.
>
>
> Um, I think that's a dangerous mistake, or a confusion in terminology.
All I'm saying is that the proxy mechanism itself doesn't rely on
restricted execution.
> Without restricted execution, untrusted code would have access to
> sys.modules, and from there it would be able to access
> removeAllProxies.
All we need to be able to do is control imports. It turns out that
to prevent access to sys.modules, we have to replace __builtins__,
which has the side-effect of enabling restricted execution. You
don't need anything but the ability to restrict imports and other
unproxied access to sys.modules to use proxies.
Jim
--
Jim Fulton mailto:jim@zope.com Python Powered!
CTO (888) 344-4332 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org