[Python-Dev] doc for new restricted execution design for Python
brett at python.org
Thu Jun 29 19:21:14 CEST 2006
On 6/28/06, Mark Hammond <mhammond at skippinet.com.au> wrote:
> Bob writes:
> > for me for this month was trying to come up with a security model.
> I don't fully understand how JS does it either, certainly not in any
> I know that it uses the concept of a "principal" (the IDL file can be seen
> at http://lxr.mozilla.org/seamonkey/source/caps/idl/nsIPrincipal.idl) and
> think that the absence of any principals == "trusted code". I believe the
> principals are obtained either from the JS stack, or from the "event
> and a few other obscure exceptions. There is also lots of C code littered
> with explicit "is this code trusted" calls that makes implicit and
Yeah. Luckily I am interning at Google this summer and so I have access to
some Mozilla people internally to get help in pointing me in the right
> Cross-language calls will also need consideration. JS will be able to
> implicitly or explicitly call Python functions, which again will
> or explicitly call JS functions. Some of those frames will always be
> unrestricted (ie, they are "components" - often written in C++, they can
> *anything*), but some will not. We have managed to punt on that given
> Python is currently always unrestricted.
How to work with JS will need to be dealt with eventually.
> In the early stages though, Mozilla is happy to have Python enabled only for
> trusted sources - that means it is limited to Mozilla extensions, or even
> completely new app using the Mozilla framework. From a practical
> that helps "mozilla the platform" more than it helps "firebox the browser"
> etc. This sandboxing would help the browser, which is great!
Yep! Also, to help with the "contribution to the field" part of my
dissertation I hope to help develop ways to make developing web apps with
Python easier and better than with JS. So the goal is to just make it a
no-brainer to dev with Python on the web.
> I'm confident that when the time comes we will get the ear of Brendan Eich
> to help steer us forward.
Mark, can you email me (publicly or privately, don't care) links and stuff
about pyXPCOM so that when I start working on stuff I know where you are at
and such with integration? Obviously I want to keep you in the loop overall
on this whole endeavour.