[Python-Dev] Security capabilities in Python
python-dev at zesty.ca
Sat Apr 9 23:46:11 CEST 2005
On Sat, 9 Apr 2005, Michael Hudson wrote:
> The funniest I know is part of PyPy:
> def extract_cell_content(c):
> """Get the value contained in a CPython 'cell', as read through
> the func_closure of a function object."""
> # yuk! this is all I could come up with that works in Python 2.2 too
> class X(object):
> def __eq__(self, other):
> self.other = other
> x = X()
> x_cell, = (lambda: x).func_closure
> x_cell == c
> return x.other
That's pretty amazing.
> It would be unfortunate for PyPy (and IMHO, very un-pythonic) if this
> process became impossible.
Not a problem. func_closure is already a restricted attribute.
IMHO, the clean way to do this is to provide a built-in function to
get the cell content in a more direct and reliable way, and then
put that in a separate module with other interpreter hacks.
That both makes it easier to do stuff like this, and easier to prevent
it simply by forbidding import of that module.
More information about the Python-Dev