[Python-Dev] file(file)

glyph at divmod.com
Sat Jan 13 01:54:58 CET 2007


On 12:37 am, brett at python.org wrote:

>For security reasons I might be asking for file's constructor to be
>removed from the type for Python source code at some point (it can be
>relocated to an extension module if desired).  By forcing people to go
>through open() to create a file object you can more easily control
>read/write access to the file system (assuming the proper importation
>of extension modules has been blocked).  Not removing the constructor
>allows any code that has been explicitly given a file object but not
>open() to just get the class and call the constructor to open a new
>file.

This is a general problem with type access.  Secure versions of any type should not allow access to the type, period.  It is hardly unique to files, and is not limited to constructors either.  How do you, e.g., allow a restricted piece of code write access to only a specified area of the filesystem?

More importantly, given the random behavior that open() will be growing (opening sockets?  dynamic dispatch on URL scheme???) file() will likely remain a popular way to be sure you are accessing the filesystem.
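
An added example, not part of the original thread: the same concern in Python 3, where a file object obtained from `open()` still exposes `io.FileIO` through `.raw`, and that constructor takes a path. It assumes CPython 3.8+ and applies a directory policy at the `open` audit event via `sys.addaudithook` (a monitoring mechanism per PEP 578, not a sandbox); `confine`, `demo` and the file names are hypothetical.

```python
import io, os, sys, tempfile
from contextlib import contextmanager

_root = None  # policy applies only while confine() is active

def _audit(event, args):
    # CPython raises "open" from open(), os.open() and io.FileIO(path) alike.
    if event != "open" or _root is None:
        return
    if not isinstance(args[0], (str, bytes, os.PathLike)):
        return  # not a path argument
    real = os.path.realpath(os.fsdecode(args[0]))
    if os.path.commonpath([real, _root]) != _root:
        raise PermissionError("open outside allowed root: " + real)

sys.addaudithook(_audit)  # hooks cannot be removed, hence the _root switch

@contextmanager
def confine(root):
    global _root
    prev, _root = _root, os.path.realpath(root)
    try:
        yield
    finally:
        _root = prev

def demo():
    """Constructed scenario: restricted code is handed one file object."""
    out = {}
    with tempfile.TemporaryDirectory() as tmp:
        allowed = os.path.join(tmp, "allowed")
        os.mkdir(allowed)
        inside, outside = os.path.join(allowed, "a.txt"), os.path.join(tmp, "b.txt")
        for p in (inside, outside):
            with open(p, "wb") as f:
                f.write(b"data")
        with open(inside, "rb") as handed:
            opener = type(handed.raw)          # io.FileIO, reached without open()
            out["type"] = opener is io.FileIO
            with opener(outside) as g:         # no policy: constructor opens any path
                out["unconfined"] = g.read()
            with confine(allowed):
                with opener(inside) as g:      # inside the allowed area: permitted
                    out["inside"] = g.read()
                try:
                    opener(outside)
                    out["blocked"] = False
                except PermissionError:        # raised by the audit hook
                    out["blocked"] = True
    return out
```

Because the check sits below both `open()` and the type's constructor, removing or hiding either name does not change what the policy sees.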


