[Python-Dev] Capabilities

Greg Ewing greg@cosc.canterbury.ac.nz
Mon, 31 Mar 2003 14:14:16 +1200 (NZST)

Ka-Ping Yee <ping@zesty.ca>:

> On Sun, 30 Mar 2003, Guido van Rossum wrote:
> > [Ping]
> > > Having access to a particular instance should certainly not allow
> > > one to ask it for its class, and then instantiate the class with
> > > arbitrary constructor arguments.
> >
> > Assuming the Python code in the class itself is not empowered in any
> > special way, I don't see why not.  So that suggests that you assume
> > classes can be empowered.  I can see this for classes implemented in
> > C; but how can classes implemented in pure Python be empowered?
>
> In many classes, __init__ exercises authority.  An obvious C type with
> the same problem is the "file" type

Yes, I think the solution to this is not to forbid getting
hold of the class of an object, but to design constructors
so that they don't do anything that might be a security

In the case of files, that would mean removing the feature
that file("foo") means the same as open("foo"), so that
only the open() function can open arbitrary files.

Greg Ewing, Computer Science Dept, +--------------------------------------+
University of Canterbury,	   | A citizen of NewZealandCorp, a	  |
Christchurch, New Zealand	   | wholly-owned subsidiary of USA Inc.  |
greg@cosc.canterbury.ac.nz	   +--------------------------------------+
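
The design point discussed in this message, as an added example that is not part of the original post: a constructor that exercises authority lets anyone holding one instance obtain more through its class, while a constructor that only wraps what the caller already holds does not. The names `FAKE_FS`, `open_file`, `AmbientReader` and `CapabilityReader` are hypothetical, and the example assumes the untrusted function is handed only the reader object and cannot reach `open_file` or private attributes directly.

```python
import io

# Constructed stand-in for a filesystem, so the example runs offline.
FAKE_FS = {"public.txt": "hello", "secret.txt": "top secret"}


def open_file(name):
    """The one function with authority to name arbitrary files (the role of open())."""
    return io.StringIO(FAKE_FS[name])


class AmbientReader:
    """Constructor exercises authority: it turns a file name into an open file."""

    def __init__(self, name):
        self._f = open_file(name)

    def read(self):
        return self._f.read()


class CapabilityReader:
    """Constructor only wraps a stream the caller already holds."""

    def __init__(self, stream):
        self._f = stream

    def read(self):
        return self._f.read()


def untrusted_with_ambient(reader):
    # Holding one instance is enough: reach the class, name another file.
    return type(reader)("secret.txt").read()


def untrusted_with_capability(reader):
    # Same move, but the constructor grants nothing new: a bare string
    # is not an open stream, so there is nothing to read from.
    try:
        return type(reader)("secret.txt").read()
    except AttributeError:
        return None


if __name__ == "__main__":
    print(untrusted_with_ambient(AmbientReader("public.txt")))
    print(untrusted_with_capability(CapabilityReader(open_file("public.txt"))))
```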