[Python-Dev] Implementing restricted Python in Zope2
Brett Cannon
brett at python.org
Sat Jul 19 01:36:33 CEST 2008
On Thu, Jul 17, 2008 at 11:42 AM, Shane Hathaway <shane at hathawaymix.org> wrote:
> ranjith kannikara wrote:
>>
>> As a student I am not familiar with Restricted Python and python AST
>> implementation.And in need of help to start the Restricted Python
>> implementation.
>
> Here is some context for Python-Dev.
>
> RestrictedPython is a custom Python compiler that, when combined with a
> restricted environment, provides a sandbox safe enough to allow
> partly-trusted people to write and execute scripts on a Zope server. It has
> been used in Zope 2 for a long time and will have a future in Zope 3. The
> sandbox is more extensive than what the rexec module provides.
>
> The safety of RestrictedPython has been validated in a somewhat formal
> process with Python 2.4. Ranjith is working to validate it with Python 2.5.
> He is first working to discover all changes between Python 2.4 and 2.5 that
> might have affected the safety of a RestrictedPython sandbox. Any changes to
> the AST, builtin functions, methods of builtin types, etc., need to be
> evaluated for safety.
>
> So, in general, he is looking for detailed lists of changes between Python
> 2.4 and 2.5--more than the "What's New" doc.
>
As it has been said, his best chance is to either diff between
versions or look at the log output from svn on the files he cares
about.
-Brett
More information about the Python-Dev
mailing list