[Python-Dev] Problem between deallocation of modules and func_globals
Brett Cannon
brett at python.org
Sat Jan 20 19:23:30 CET 2007
On 1/20/07, M.-A. Lemburg <mal at egenix.com> wrote:
> On 2007-01-20 00:01, Brett Cannon wrote:
> > On 1/19/07, M.-A. Lemburg <mal at egenix.com> wrote:
> >> On 2007-01-19 22:33, Brett Cannon wrote:
> >>>> That's a typical error situation you get in __del__ methods at
> >>>> the time the interpreter is shut down.
> >>>>
> >>> Yeah, but in this case this is at the end of Py_Initialize() for the
> >>> stuff I am doing to the interpreter. =)
> >> Is that in some error branch of Py_Initialize() ? Otherwise
> >> I don't see how the modules could get garbage-collected.
> >>
> >
> > Nope, it's code I am adding to clean out sys.modules of stuff the user
> > didn't import themselves; it's for security reasons.
>
> I'm not sure whether that's really going to increase
> security: unloading of modules usually isn't safe and you
> cannot be sure that it's possible to reinitialize a C
> module once it has been loaded in the process. For Python
> modules this is often possible, but there still may be
> side-effects of the import that you cannot easily undo.
>
> Perhaps you should just move those modules out to a different
> dictionary and keep track of it in the import mechanism, so
> that while you can't access the module directly via sys.modules,
> the import mechanism still knows that it has been loaded and
> reinserts it into sys.modules if it gets imported again.
>
That's an idea.
> I think that you get more security by explicitly
> limiting which modules and packages you allow to be imported
> in the first place and restricting what can be done with
> sys.path and sys.modules.
>
That's what I am doing. I just wanted to simplify things by having
import not worry about what is already in sys.modules and just always
assume what is there is safe.
-Brett
More information about the Python-Dev
mailing list