[Python-Dev] new security doc using object-capabilities

Brett Cannon brett at python.org
Sat Jul 22 19:30:23 CEST 2006


On 7/22/06, Armin Rigo <arigo at tunes.org> wrote:
> Re-hi,
>
> On Wed, Jul 19, 2006 at 03:35:45PM -0700, Brett Cannon wrote:
> > http://svn.python.org/view/python/branches/bcannon-sandboxing/securing_python.txt?rev=50717&view=log .
>
> I'm not sure I understand what you propose to fix holes like
> constructors and __subclasses__: it seems that you want to remove them
> altogether (and e.g. make factory functions instead).  That would
> completely break all programs, right?

Not altogether, just constructors on select types that are considered
dangerous from a security standpoint.  The breakage won't be horrible, but
it will be there for advanced Python code.

I will try to make the wording more clear when I get back to work on
Tuesday.

>  I mean, there is no way such
> changes would go into mainstream CPython.

If this has to wait until Py3k then so be it.

>  Or do you propose to maintain
> a CPython branch manually for the foreseeable future?  (From experience
> this is a bad idea...)
>

Yeah, not my idea of fun either, but since this is a long-term project, I
will at least need to for the foreseeable future.

-Brett