Will nested scoping break restricted execution ??
Martin von Loewis
loewis at informatik.hu-berlin.de
Sat Feb 3 12:34:16 CET 2001
"Tim Peters" <tim.one at home.com> writes:
> [rturpin at my-deja.com]
> > I thought that the restricted execution module functioned
> > partly by controlling the builtin, local, and global
> > namespaces.
Actually wrong, I think. It does not control local and global
namespaces. Instead, it controls what names you can get from
I.e. you can't prohibit a program doing
socket = 1
but you can prevent that it does
although either code creates a socket variable, from a local and
global namespace point of view. Likewise, you can prevent the code
import socket as string
even if importing "string" is allowed, as long import "socket" is not.
> My offhand *opinion* is that it's darned hard to see any way in
> which it could hurt at all: there's nothing you can do with nested
> functions that you couldn't do before with classes and instance
Exactly. Furthermore, with the current code, rexec operates on a
per-module basis: r_exec, r_execfile etc always take an entire module
code, and execute it restrictedly (which sometimes means that they
create a new __main__ to do so). So there never is a need to prevent
restricted code from accessing its global variables.
I believe there isn't a way to prevent restricted code from accessing
a specific __builtin__, either - instead, you have to provide
alternative or missing versions of the builtins in advance.
More information about the Python-list