[Python-Dev] PEP 318: Security use case
Samuele Pedroni
pedronis at bluewin.ch
Wed Mar 31 08:22:19 EST 2004
At 09:06 30.03.2004 -0500, Jeremy Hylton wrote:
>On Tue, 2004-03-30 at 06:17, Ka-Ping Yee wrote:
> > Inner scopes are one of the best places to hide things in Python;
> > they are very difficult to get at. (I can't seem to find any
> > special attributes that access the values inside them, and even
> > if there is a way, it would be easy to imagine a restricted
> > execution mode that wouldn't expose them.)
>
>It's by design that there is no meta way to get at bindings for free
>variables. I don't think I said anything about at in the PEP, but I was
>thinking of JAR's thesis (http://mumble.net/~jar/pubs/secureos/).
the only way I know to get at them is something like this (someone once
asked on comp.lang.python):
>>> def mk_acc(x=None):
... return lambda: x
...
>>> acc = mk_acc()
>>> import new
>>> def deref(cell):
... return new.function(acc.func_code,{},"#deref",(),(cell,))()
...
>>> def mk_test(y='foo'):
... return lambda : y
...
>>> deref(mk_test().func_closure[0])
'foo'
>>>
so yes: they are difficult to get at, it's easy to imagine a restricted
execution mode that wouldn't expose them, i.e. that wouldn't be hard part
of such a design.
More information about the Python-Dev
mailing list