[Python-Dev] Security capabilities in Python

Ka-Ping Yee python-dev at zesty.ca
Sat Apr 9 23:46:11 CEST 2005

On Sat, 9 Apr 2005, Michael Hudson wrote:
> The funniest I know is part of PyPy:
> def extract_cell_content(c):
>     """Get the value contained in a CPython 'cell', as read through
>     the func_closure of a function object."""
>     # yuk! this is all I could come up with that works in Python 2.2 too
>     class X(object):
>         def __eq__(self, other):
>             self.other = other
>     x = X()
>     x_cell, = (lambda: x).func_closure
>     x_cell == c
>     return x.other

That's pretty amazing.

> It would be unfortunate for PyPy (and IMHO, very un-pythonic) if this
> process became impossible.

Not a problem.  func_closure is already a restricted attribute.

IMHO, the clean way to do this is to provide a built-in function to
get the cell content in a more direct and reliable way, and then
put that in a separate module with other interpreter hacks.

That both makes it easier to do stuff like this, and easier to prevent
it simply by forbidding import of that module.

-- ?!ng

More information about the Python-Dev mailing list