[Python-Dev] Reviving restricted mode?

[Guido van Rossum]

On Sun, Feb 22, 2009 at 8:14 PM, P.J. Eby <pje at telecommunity.com> wrote:
> At 07:56 PM 2/22/2009 -0800, Guido van Rossum wrote:
>>
>> On Sun, Feb 22, 2009 at 7:39 PM, P.J. Eby <pje at telecommunity.com> wrote:
>> > Just a question, but, if you just need a pure-python restricted
>> > environment
>> > for App Engine, why not just use the RestrictedPython package (i.e.,
>> > http://pypi.python.org/pypi/RestrictedPython )?
>>
>> How does that work? Remember, app engine doesn't support certain
>> things, and bytecode manipulations (if that's what RestrictedPython
>> does) are one of the unsupported things.
>
> It doesn't modify bytecode, it modifies an AST.  It basically replaces
> prints, and attribute/item read/writes with function calls.

If it rewrites *every* attribute read/write with a function call that
can get really expensive. Are you saying it also replaces
getitem/setitem? Even worse.

> Unfortunately,
> it does this AST modification by running as a traversal against the stdlib
> compiler package's AST, not a modern AST.  So, I suppose it might not be
> usable as-is on app engine.

Actually, its essential components are easily retrieved through a hack
(Google for it ;-). If I weren't so busy I would have made it
importable a long time agon.

> It does, however, have the advantage of having been used in Zope for oh, six
> or seven years now?  ISTM that it first came out around the same time as
> Python 2.3, and the latest version just dropped support for Python 2.1 and
> 2.2.  So, if you want something that wasn't thrown together in an afternoon,
> it might be a good thing to take a look at.  ;-)
>
>
>> The other reason I can think of is that Tav is a capabilities purist. :-)
>
> You can implement capabilities on top of RestrictedPython; it's simply a
> policy-neutral enforcement framework.
>
>



-- 
--Guido van Rossum (home page: http://www.python.org/~guido/)