[Python-Dev] Re: Security capabilities in Python
Fredrik Lundh
fredrik at pythonware.com
Sat Apr 9 19:43:26 CEST 2005
Ka-Ping wrote:
> counter = Counter()
> readonly_facet = facet(counter, ['value'])
>
> If i've done this correctly, it should be impossible to alter the
> contents of the list or the counter, given only the immutable_facet
> or the readonly_facet, after restrict() has been called.
I'm probably missing something, but a straightforward reflection
approach seems to work on my machine:
>>> restrict()
>>> readonly_facet = facet(counter, ['value'])
>>> print readonly_facet.value()
0
>>> readonly_facet.value.im_self.n = "oops!"
>>> print readonly_facet.value()
oops!
>>> class mycounter:
... def value(self): return "muhaha!"
...
>>> readonly_facet.value.im_self.__class__ = mycounter
>>> print readonly_facet.value()
muhaha!
...
>>> readonly_facet.value.im_func.func_globals["readonly_facet"] = myinstance
...
and so on
does that restrict() function really do the right thing, or is my
python install broken?
</F>
More information about the Python-Dev
mailing list