[Python-Dev] doc for new restricted execution design for Python
brett at python.org
Tue Jun 27 03:00:58 CEST 2006
On 6/26/06, Ka-Ping Yee <python-dev at zesty.ca> wrote:
> Hi, Brett.
> > I have been working on a design doc for restricted execution of Python
> I'm excited to see that you're working on this.
Yeah, I just hope I have a design that works. =)
> as part of my dissertation for getting Python into Firefox to replace
> Wow. What's your game plan? Do you have a story for convincing the
> Mozilla folks to include Python in the standard Firefox distribution,
> Do you want Python to be used for scripts in web pages, Java-style
> embedded objects, or both? I'm curious to know what you have in mind...
The plan is to allow pure Python code to be embedded into web pages like
As for convincing the Mozilla folks, I want working code first before I try
large applications, which more and more people want. Python provides a more
structured approach to programming that can help facilitate designing large
web applications that have a complicated client-side component. There is
also a large userbase already that I hope will like this and speak up to
say, "I want this!" But otherwise, no, no plan to get Mozilla to go along
with it. =) If they don't pick it up I can probably go with an extension
or something. It is my dissertation; can't expect too much real-world usage
out of it. =)
to do client-side scripting in a web page to be doable in Python instead.
If they want to rewrite parts of Mozilla's UI in Python, then wonderful!
But I would not be hurt or whatever if they didn't bother since that would
people realize Python is better and slowly begin to migrate over. =)
> I'll post again with more detailed feedback on your document, but here's
> a general comment. I'd really like to see some worked examples of how
> you want to see restricted execution mode used, in order to motivate
> and evaluate the design and implementation.
The idea is that there be a separate Python interpreter per web browser page
instance. So each tab in Mozilla would be running a Python interpreter. I
follow it within reason. So the main goal is for people who embed the
interpreter and do not need any form of trusted interpreter to run to be
able to easily have an interpreter(s) running in various states of
So, launch an interpreter, set the restrictions, pass in the DOM, and then
execute the Python code in the HTML in this untrusted interpreter.
> In particular, how do you envision restricted execution interacting
> with the standard library? ("Not at all" is a possible answer.)
> Are there existing modules or existing Python programs you expect
> to just work using restricted execution mode, or are you willing to
> ask programmers who use restricted execution to adopt a new style?
I expect everything to work within the restricted bounds of security
restrictions turned on for an interpreter. This means that if you allow
file reading you can unpickle a file from disk. But if you don't, then you
can still import 'pickle', but it will fail when you try to use pickle.load()
with a restricted execution exception. That is why I am placing the
security restriction at the import level and then at key points in key
objects (file, socket, sys.stdin, etc.); to minimize possible slip-ups in
security by catching them at the OS/code boundary at the C level in the
I really don't want to ask programmers to adopt a new style. They might have
to change very slightly ("where is the __file__ attribute on modules?"), but
overall I want to minimize as much as possible a shift in Python programming
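As an added illustration of the placement described in the reply above (a module such as pickle imports fine whatever the restrictions, and the refusal happens only when the code actually asks for the restricted resource), here is a small pure-Python model. It is not code from the design document or from CPython; the `Policy`, `RestrictedExecutionError`, `run_untrusted` names and the untrusted "page script" are constructed for this example, and the pickle file it reads is constructed sample data written to a temporary file.

```python
import builtins
import os
import pickle
import tempfile


class RestrictedExecutionError(Exception):
    """Raised when sandboxed code touches a resource its policy has closed."""


class Policy:
    """Per-interpreter restrictions (constructed for this example)."""

    def __init__(self, allow_file_read=False):
        self.allow_file_read = allow_file_read


def make_sandbox_builtins(policy):
    """Copy of the normal builtins with open() guarded by the policy.

    Importing is deliberately left alone: pickle imports fine, and the
    refusal happens only when it asks for a file.
    """

    def guarded_open(path, mode="r", *args, **kwargs):
        if not policy.allow_file_read:
            raise RestrictedExecutionError(f"file access denied: {path!r}")
        return builtins.open(path, mode, *args, **kwargs)

    sandbox = dict(vars(builtins))
    sandbox["open"] = guarded_open
    sandbox["RestrictedExecutionError"] = RestrictedExecutionError
    return sandbox


def run_untrusted(source, policy):
    """Execute untrusted source in a namespace whose builtins enforce policy."""
    namespace = {"__builtins__": make_sandbox_builtins(policy)}
    exec(source, namespace)
    return namespace


# Constructed "page script": it imports pickle unconditionally and only
# touches the filesystem when load() is called.
UNTRUSTED_SOURCE = """
import pickle                      # always succeeds, whatever the policy

def load(path):
    with open(path, "rb") as f:    # the policy check fires here, not at import
        return pickle.load(f)
"""


def write_sample_pickle():
    """Write a constructed pickle to a temp file and return its path."""
    with tempfile.NamedTemporaryFile(suffix=".pkl", delete=False) as f:
        pickle.dump({"greeting": "hello", "n": 3}, f)
        return f.name


def demo():
    """Run the same untrusted code under an open and a closed policy."""
    path = write_sample_pickle()
    results = {}
    try:
        ns = run_untrusted(UNTRUSTED_SOURCE, Policy(allow_file_read=True))
        results["open_policy"] = ns["load"](path)

        ns = run_untrusted(UNTRUSTED_SOURCE, Policy(allow_file_read=False))
        results["pickle_imported_when_closed"] = "pickle" in ns
        try:
            ns["load"](path)
            results["closed_policy"] = "loaded"
        except RestrictedExecutionError:
            results["closed_policy"] = "denied"
    finally:
        os.unlink(path)
    return results


if __name__ == "__main__":
    print(demo())
```

The model shows the shape of the idea only. Swapping a Python-level `open` into `__builtins__` does not close every route to the filesystem (`io.open`, `os.open`, or a file object handed in from outside all bypass it), which is exactly why the reply places the checks on the underlying objects at the C level rather than on the Python names that reach them.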