[Python-Dev] doc for new restricted execution design for Python
Nick Coghlan
ncoghlan at gmail.com
Fri Jul 7 13:45:04 CEST 2006
Greg Ewing wrote:
> Another thing I perhaps should point out is that
> I'm proposing the separation of open() and file()
> for *all* code, not just restricted code. So it's
> not a matter of "crippling" file() specially for
> restricted code.
What would the signature of the file constructor be in that case? Would it
accept a single CObject instance, with open() bypassing the normal
constructor, and handing the file pointer directly to the file object instance?
It seems like a reasonable approach for making 'dangerous' objects like file
and socket much easier to secure - have a separate factory function to create
*new* instances at the C level, so that you can hand the objects over without
worrying about providing access to the constructor (because the constructor
*accepts* the OS-level object as an argument, rather than creating it anew).
Alternatively, using a "no-Python-level-introspection" metaclass might be
another way to achieve the same effect in a more universal fashion.
Cheers,
Nick.
--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
---------------------------------------------------------------
http://www.boredomandlaziness.org
More information about the Python-Dev
mailing list