about candy [Python-Dev] Re: Capabilities

Samuele Pedroni pedronis@bluewin.ch
Wed, 12 Mar 2003 18:53:21 +0100

> attached is a modified version of s.py that takes a filename for the code to
> run inside the RestrictedInterpreter. Also myfunc is now myexc_source . There
> is also a new function candy, next mail on that.

Consider from s.py:

-- * --
from sys import exit

def candy(s):
  if s == "yes":
    return 'candy'
    return 'none'

ri = RestrictedInterpreter()

ri.globals['candy'] = ProxyFactory(candy)


print "OK"
-- * --

No unproxied exceptions, on the other hand both rexec and the prototype
RestrictedIntrepreter supply code with globals() [!], and apply() ...

I have some _even more baroque_ code (xpl2) that exploits candy  and manages to
call sys.exit:

...>\usr\python22\python -i s.py xpl2
Got sys.exit


In this case xpl2 could be rewritten as a single expression of the form:


although that would make for a totally masochistic exercise and a total
obfuscated python entry. No, I haven't done/ tried that :)