[Python-Dev] Capabilities in Python
Jeremy Hylton
jeremy@zope.com
10 Mar 2003 11:59:26 -0500
On Sun, 2003-03-09 at 07:03, Guido van Rossum wrote:
> [Jim]
> > You don't need restricted execution to make proxies work.
>
> Um, I think that's a dangerous mistake, or a confusion in terminology.
>
> Without restricted execution, untrusted code would have access to
> sys.modules, and from there it would be able to access
> removeAllProxies.

Guido and I discovered that we were not using the same terminology in our own discussions. Guido suggests the following terms:

rexec -- the rexec module in the Python standard library

restricted execution -- the features in the Python code depending on PyEval_GetRestricted().

We still need a term to refer to an arbitrary mechanism for providing a secure environment for untrusted code. (I had been using "restricted execution" to mean this.) Perhaps a "safe interpreter"?

Jeremy