[Python-Dev] Re: Security capabilities in Python

Fredrik Lundh fredrik at pythonware.com
Sat Apr 9 19:43:26 CEST 2005

Ka-Ping wrote:

>     counter = Counter()
>     readonly_facet = facet(counter, ['value'])
> If i've done this correctly, it should be impossible to alter the
> contents of the list or the counter, given only the immutable_facet
> or the readonly_facet, after restrict() has been called.

I'm probably missing something, but a straightforward reflection
approach seems to work on my machine:

>>> restrict()
>>> readonly_facet = facet(counter, ['value'])
>>> print readonly_facet.value()
>>> readonly_facet.value.im_self.n = "oops!"
>>> print readonly_facet.value()
>>> class mycounter:
...     def value(self): return "muhaha!"
>>> readonly_facet.value.im_self.__class__ = mycounter
>>> print readonly_facet.value()
>>> readonly_facet.value.im_func.func_globals["readonly_facet"] = myinstance

and so on

does that restrict() function really do the right thing, or is my
python install broken?


More information about the Python-Dev mailing list