[Python-Dev] Implementing restricted Python in Zope2

Phillip J. Eby pje at telecommunity.com
Thu Jul 17 22:26:12 CEST 2008


At 11:27 AM 7/17/2008 -0700, Brett Cannon wrote:
>On Thu, Jul 17, 2008 at 10:54 AM, ranjith kannikara
><ranjithkannikara at gmail.com> wrote:
> > I have taken the gsoc 08 project of porting zope2 to python2.5.
> > Through my way to the successful completion of the project I have to
> > implement Restricted python in Zope2. I could only get the information
> > that the python AST has not changed on moving from python2.4 to 2.5
> > but Restricted Python is not well documented enough for a student to
> > test the Zope2's Restricted Python implementation.
> >
> > As a student I am not familiar with Restricted Python and python AST
> > implementation. And in need of help to start the Restricted Python
> > implementation.
> >
>
>What do you mean, "Restricted Python"? If you mean rexec and Bastion,
>they are no longer supported, and that began before 2.5.

No, he means the restricted Python compiler and capability-proxy 
system used by Zope.  You know, the one I always bring up whenever 
anybody says they want to implement capabilities in Python?  ;-)

Zope's restricted Python is basically a combination of a special 
compiler, __builtin__ replacements, and a proxy type.  Instead of 
using LOAD_ATTR opcodes, the compiler generates code that calls a 
special getattr() function instead, and most objects other than 
relatively-safe builtin types are wrapped in proxies that control 
what attributes can be accessed and what operations can be performed.

The restricted Python framework itself doesn't impose any particular 
security policy; proxies delegate checks to "checker" objects that 
are essentially capabilities.  Mostly, it focuses on creating a safe 
sandbox that can be expanded.

There are two parts to the implementation; one is called 
RestrictedPython and lives at:

http://svn.zope.org/RestrictedPython/trunk

The other part is "zope.security.untrustedpython", and it's part of 
the zope.security distribution; see:

http://svn.zope.org/zope.security/trunk/src/zope/security/untrustedpython/

for its specific code and docs.

Both packages appear to have automated tests.
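
The mechanism described in the message above, as an added example that is not part of the original message and is not code from RestrictedPython or zope.security: a compile step rewrites attribute reads into calls to a guard function, and the guard asks a per-type checker before returning anything. The names AttrRewriter, Checker, make_guard, run_restricted and _guard_ are hypothetical; the sketch assumes Python 3's ast module, handles expressions only, and folds the proxy type into the guard function.

```python
import ast

class AttrRewriter(ast.NodeTransformer):
    """Compile step: turn each attribute read `o.x` into `_guard_(o, 'x')`."""
    def visit_Attribute(self, node):
        self.generic_visit(node)               # rewrite nested accesses first
        if not isinstance(node.ctx, ast.Load):
            raise SyntaxError("attribute assignment is not allowed")
        call = ast.Call(func=ast.Name(id="_guard_", ctx=ast.Load()),
                        args=[node.value, ast.Constant(node.attr)], keywords=[])
        return ast.copy_location(call, node)

    def visit_Name(self, node):
        if node.id.startswith("_"):            # keeps the hook itself out of reach
            raise SyntaxError("names starting with '_' are reserved")
        return node

class Checker:
    """Hypothetical checker: the attribute names one type may expose."""
    def __init__(self, allowed):
        self.allowed = frozenset(allowed)
    def check(self, name):
        if name.startswith("_") or name not in self.allowed:
            raise PermissionError("access to %r denied" % name)

def make_guard(checkers):
    def guard(obj, name):                      # stands in for the proxy type
        checker = checkers.get(type(obj))
        if checker is None:
            raise PermissionError("no checker for %s" % type(obj).__name__)
        checker.check(name)
        return getattr(obj, name)
    return guard

def run_restricted(source, checkers, env):
    tree = AttrRewriter().visit(ast.parse(source, mode="eval"))
    code = compile(ast.fix_missing_locations(tree), "<untrusted>", "eval")
    scope = dict(env, __builtins__={}, _guard_=make_guard(checkers))
    return eval(code, scope)

class Account:                                 # constructed sample object
    def __init__(self):
        self.owner, self.secret = "alice", "constructed-secret"

CHECKERS = {Account: Checker({"owner"}), str: Checker({"upper"})}
```

With these checkers, "acct.owner.upper()" evaluates normally, while "acct.secret", "acct.__class__" and "acct.owner.lower()" are refused by the guard at run time.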


