[Python-Dev] doc for new restricted execution design for Python

Brett Cannon brett at python.org
Thu Jul 6 01:11:14 CEST 2006


On 7/5/06, Michael Chermside <mcherm at mcherm.com> wrote:
>
> Ka-Ping Yee writes:
> > If you mean getting from a trusted interpreter to an untrusted
> > interpreter -- then how is a resource going to travel between
> > interpreters?
>
> Brett Cannon responds:
> > Beats me, but I am always scared of Armin and Samuele.  =)
>
> Okay, those two scare me also, but I would still rather not
> spread FUD.


I don't consider it FUD.  Armin in an email said that he thought it was a
losing battle to try to hide 'file' from an interpreter.  That is what I am
worried about, period.  Everything else can be protected through resource
hiding.

> Your proposal contains lots of details about how to
> address the danger that Python objects can cross from one
> interpreter to another. Could we instead attack that straight-on
> and try to find a convincing proof that objects cannot possibly
> cross the interpreter barrier? If so, it would simplify a bit
> of your proposal, and make me feel a little less worried.


As I said to Ping, if people *really* think this is doable and are willing
to help out with this, then fine, I am willing to give this a shot.  But I
know I don't personally know enough about every random corner of the code
base like Armin and Samuele know in order to feel comfortable in claiming I
can pull this off by myself.

-Brett