[Python-Dev] what can we do to hide the 'file' type?
Michael Chermside
mcherm at mcherm.com
Thu Jul 6 17:31:27 CEST 2006
Armin Rigo writes:
> I don't think I can "sign off" [on hiding the file type]. Really hiding
> Python objects is quite hard IMHO.
I agree. But we don't have to give up yet. How about instead of hiding
file, we cripple it. Completely. Modify the file type so that when
executing on a sandboxed interpreter, all of the dangerous methods
and attributes of file throw exceptions.
Then we create a separate thing (in C) called a "SecureFileWrapper".
It has methods that are passed a reference to a file object and
can invoke the methods without error. We provide a means for obtaining
a SecureFileWrapper bound to a given file (perhaps open()).
Essentially, we give up on hiding file, which is a frequently-used
type, and very hard to hide, and instead we rely on our ability to
write a reliably secure "SecureFileWrapper" class (in C).
-- Michael Chermside
More information about the Python-Dev
mailing list