[Python-Dev] new security doc using object-capabilities

David Hopwood david.nospam.hopwood at blueyonder.co.uk
Sun Jul 23 03:18:48 CEST 2006


Armin Rigo wrote:
> Re-hi,
> 
> On Wed, Jul 19, 2006 at 03:35:45PM -0700, Brett Cannon wrote:
> 
>>http://svn.python.org/view/python/branches/bcannon-sandboxing/securing_python.txt?rev=50717&view=log.
> 
> I'm not sure I understand what you propose to fix holes like
> constructors and __subclasses__: it seems that you want to remove them
> altogether (and e.g. make factory functions instead).  That would
> completely break all programs, right?  I mean, there is no way such
> changes would go into mainstream CPython.

If I understand correctly, the proposal is that any incompatible changes
to the language would apply only in "sandboxed" interpreters. So there is
no reason why support for these couldn't go into the main branch.

Of course we want to minimize the changes that will need to be made to
programs and libraries to make them work in a sandboxed interpreter, but
not at the expense of security. Some incompatible changes will be necessary.

-- 
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>
