[Python-Dev] Reviving restricted mode?

Guido van Rossum guido at python.org
Mon Feb 23 04:56:20 CET 2009


On Sun, Feb 22, 2009 at 7:39 PM, P.J. Eby <pje at telecommunity.com> wrote:
> At 08:45 AM 2/22/2009 -0800, Guido van Rossum wrote:
>>
>> I've received some enthusiastic emails from someone who wants to
>> revive restricted mode. He started out with a bunch of patches to the
>> CPython runtime using ctypes, which he attached to an App Engine bug:
>>
>> http://code.google.com/p/googleappengine/issues/detail?id=671
>>
>> Based on his code (the file secure.py is all you need, included in
>> secure.tar.gz) it seems he believes the only security leaks are
>> __subclasses__, gi_frame and gi_code. (I have since convinced him that
>> if we add "restricted" guards to these attributes, he doesn't need the
>> functions added to sys.)
>>
>> I don't recall the exploits that Samuele once posted that caused the
>> death of rexec.py -- does anyone recall, or have a pointer to the
>> threads?
>
> Just a question, but, if you just need a pure-python restricted environment
> for App Engine, why not just use the RestrictedPython package (i.e.,
> http://pypi.python.org/pypi/RestrictedPython )?

How does that work? Remember, app engine doesn't support certain
things, and bytecode manipulations (if that's what RestrictedPython
does) are one of the unsupported things.

The other reason I can think of is that Tav is a capabilities purist. :-)

-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)
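The thread above asks how RestrictedPython works and names the attributes (__subclasses__, gi_frame, gi_code) that a restricted mode would need to guard. As an added example that is not code from the thread, from App Engine, or from the RestrictedPython package, the sketch below shows the compile-time approach such tools take instead of bytecode manipulation: the source is parsed to an AST, attribute and name references that start with an underscore or appear in a constructed deny-list are refused before compilation, and the code then runs against a reduced builtins table whose getattr applies the same rule to attribute names computed at run time. The deny-list, the builtins table and all function names here are assumptions made for the example.

```python
import ast

# Attributes the thread singles out as leaks. Names beginning with an
# underscore are refused wholesale (that covers __subclasses__); these two
# carry no underscore, so they need an explicit entry. Constructed deny-list.
DENIED_ATTRS = frozenset({"gi_frame", "gi_code"})


class RestrictionError(Exception):
    """Raised when source or a run-time attribute access is refused."""


def is_denied_attr(name):
    """Single policy rule shared by the AST check and the run-time getattr."""
    return name.startswith("_") or name in DENIED_ATTRS


class _Checker(ast.NodeVisitor):
    """Walk the AST and refuse constructs before anything is compiled."""

    def visit_Attribute(self, node):
        if is_denied_attr(node.attr):
            raise RestrictionError(f"attribute {node.attr!r} is not allowed")
        self.generic_visit(node)

    def visit_Name(self, node):
        # Covers __import__, __builtins__ and similar bare names.
        if is_denied_attr(node.id):
            raise RestrictionError(f"name {node.id!r} is not allowed")
        self.generic_visit(node)

    def visit_Import(self, node):
        raise RestrictionError("import statements are not allowed")

    def visit_ImportFrom(self, node):
        raise RestrictionError("import statements are not allowed")


def guarded_getattr(obj, name, *default):
    """Replacement getattr: the static check cannot see computed names."""
    if not isinstance(name, str) or is_denied_attr(name):
        raise RestrictionError(f"getattr of {name!r} is not allowed")
    return getattr(obj, name, *default)


# Reduced builtins table handed to restricted code (assumed allow-list).
SAFE_BUILTINS = {
    "len": len, "range": range, "sum": sum, "min": min, "max": max,
    "abs": abs, "sorted": sorted, "enumerate": enumerate, "str": str,
    "int": int, "list": list, "dict": dict, "getattr": guarded_getattr,
}


def compile_restricted(source):
    """Parse, check the AST, and only then compile to a code object."""
    tree = ast.parse(source, mode="exec")
    _Checker().visit(tree)
    return compile(tree, "<restricted>", "exec")


def run_restricted(source, namespace=None):
    """Execute checked source with the reduced builtins; return its globals."""
    code = compile_restricted(source)
    env = {"__builtins__": SAFE_BUILTINS}
    if namespace:
        env.update(namespace)
    exec(code, env)
    return env


def is_rejected(source):
    """True if the policy refuses the source at compile or run time."""
    try:
        run_restricted(source)
    except RestrictionError:
        return True
    return False


if __name__ == "__main__":
    print(run_restricted("total = sum(range(10))")["total"])
    print(is_rejected("g = (i for i in range(3))\nframe = g.gi_frame"))
```

Two layers are doing the work: the AST visitor catches literal attribute names and import statements, and guarded_getattr catches the same names when they are assembled as strings at run time. What this sketch does not provide is the third layer the thread is really about, namely guards inside the interpreter itself on attributes such as __subclasses__ when restricted code reaches them through an object it was legitimately handed; a name-based filter is only as good as the set of names it knows about.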