[Python-Dev] Reviving restricted mode?
Guido van Rossum
guido at python.org
Mon Feb 23 16:10:05 CET 2009
On Sun, Feb 22, 2009 at 8:14 PM, P.J. Eby <pje at telecommunity.com> wrote:
> At 07:56 PM 2/22/2009 -0800, Guido van Rossum wrote:
>>
>> On Sun, Feb 22, 2009 at 7:39 PM, P.J. Eby <pje at telecommunity.com> wrote:
>> > Just a question, but, if you just need a pure-python restricted
>> > environment
>> > for App Engine, why not just use the RestrictedPython package (i.e.,
>> > http://pypi.python.org/pypi/RestrictedPython )?
>>
>> How does that work? Remember, app engine doesn't support certain
>> things, and bytecode manipulations (if that's what RestrictedPython
>> does) are one of the unsupported things.
>
> It doesn't modify bytecode, it modifies an AST. It basically replaces
> prints, and attribute/item read/writes with function calls.
If it rewrites *every* attribute read/write with a function call that
can get really expensive. Are you saying it also replaces
getitem/setitem? Even worse.
> Unfortunately,
> it does this AST modification by running as a traversal against the stdlib
> compiler package's AST, not a modern AST. So, I suppose it might not be
> usable as-is on app engine.
Actually, its essential components are easily retrieved through a hack
(Google for it ;-). If I weren't so busy I would have made it
importable a long time agon.
> It does, however, have the advantage of having been used in Zope for oh, six
> or seven years now? ISTM that it first came out around the same time as
> Python 2.3, and the latest version just dropped support for Python 2.1 and
> 2.2. So, if you want something that wasn't thrown together in an afternoon,
> it might be a good thing to take a look at. ;-)
>
>
>> The other reason I can think of is that Tav is a capabilities purist. :-)
>
> You can implement capabilities on top of RestrictedPython; it's simply a
> policy-neutral enforcement framework.
>
>
--
--Guido van Rossum (home page: http://www.python.org/~guido/)
More information about the Python-Dev
mailing list