[Python-Dev] In defense of Capabilities [was: doc for new restricted execution design for Python]
Brett Cannon
brett at python.org
Thu Jul 6 03:09:54 CEST 2006
On 7/5/06, Greg Ewing <greg.ewing at canterbury.ac.nz> wrote:
>
> Michael Chermside wrote:
>
> > That leaves the other problem: auxiliary means of accessing
> > objects. There are things like gc.get_objects(). In the special
> > case of file, which is a type that's also dangerous, there are
> > tricks like "object().__class__.__subclasses__()".
>
> My approach to that would be to not provide access to
> these kinds of things via attributes, but via builtin
> functions. E.g there wouldn't be a __subclasses__
> attribute, but a subclasses() function. Then that
> capability can be denied by not providing that
> function.
__subclasses__ is a function. And yes, if we go this route, that is what
would happen most likely. The trick is figuring out any and all ways one
can get to 'file' from a standard interpreter prompt.
-Brett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/python-dev/attachments/20060705/796de055/attachment.htm
More information about the Python-Dev
mailing list