[Python-Dev] doc for new restricted execution design for Python

Brett Cannon brett at python.org
Thu Jun 29 19:21:14 CEST 2006

On 6/28/06, Mark Hammond <mhammond at skippinet.com.au> wrote:
> Bob writes:
> > I don't know how JavaScript is doing it yet.  The critical thing
> > for me for this month was trying to come up with a security model.
> I don't fully understand how JS does it either, certainly not in any
> detail.
> I know that it uses the concept of a "principal" (the IDL file can be seen
> at http://lxr.mozilla.org/seamonkey/source/caps/idl/nsIPrincipal.idl) and
> I
> think that the absence of any principals == "trusted code".  I believe the
> principals are obtained either from the JS stack, or from the "event
> source"
> and a few other obscure exceptions.  There is also lots of C code littered
> with explicit "is this code trusted" calls that makes implicit and
> explicit
> javascript assumptions - not particularly deep assumptions, but they
> exist.

Yeah.  Luckily I am interning at Google this summer and so I have access to
some Mozilla people internally to get help in pointing me in the right
direction.  =)

Cross-language calls will also need consideration.  JS will be able to
> implicitly or explicitly call Python functions, which again will
> implicitly
> or explicitly call JS functions.  Some of those frames will always be
> unrestricted (ie, they are "components" - often written in C++, they can
> do
> *anything*), but some will not.  We have managed to punt on that given
> that
> Python is currently always unrestricted.

How to work with JS will need to be dealt with eventually.

In the early stages though, Mozilla is happy to have Python enabled only for
> trusted sources - that means it is limited to Mozilla extensions, or even
> a
> completely new app using the Mozilla framework.  From a practical
> viewpoint,
> that helps "mozilla the platform" more than it helps "firebox the browser"
> etc.  This sandboxing would help the browser, which is great!

Yep!  Also, to help with the "contribution to the field" part of my
dissertation I hope to help develop ways to make developing web apps with
Python easier and better than with JS.  So the goal is to just make it a
no-brainer to dev with Python on the web.

I'm confident that when the time comes we will get the ear of Brendan Eich
> to help steer us forward.


Mark, can you email me (publically or privately, don't care) links and stuff
about pyXPCOM so that when I start working on stuff I know where you are at
and such with integration?  Obviously I want to keep you in the loop overall
on this whole endeavour.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/python-dev/attachments/20060629/ae62cb53/attachment.html 

More information about the Python-Dev mailing list