Will nested scoping break restricted execution ??

Martin von Loewis loewis at informatik.hu-berlin.de
Sat Feb 3 12:34:16 CET 2001


"Tim Peters" <tim.one at home.com> writes:

> [rturpin at my-deja.com]
> > I thought that the restricted execution module functioned
> > partly by controlling the builtin, local, and global
> > namespaces.
> 
> Right.

Actually wrong, I think. It does not control local and global
namespaces. Instead, it controls what names you can get from
elsewhere.

I.e. you can't prohibit a program doing

  socket = 1

but you can prevent that it does

  import socket

although either code creates a socket variable, from a local and
global namespace point of view. Likewise, you can prevent the code
from doing

  import socket as string

even if importing "string" is allowed, as long import "socket" is not.

> My offhand *opinion* is that it's darned hard to see any way in
> which it could hurt at all: there's nothing you can do with nested
> functions that you couldn't do before with classes and instance
> data.

Exactly. Furthermore, with the current code, rexec operates on a
per-module basis: r_exec, r_execfile etc always take an entire module
code, and execute it restrictedly (which sometimes means that they
create a new __main__ to do so). So there never is a need to prevent
restricted code from accessing its global variables.

I believe there isn't a way to prevent restricted code from accessing
a specific __builtin__, either - instead, you have to provide
alternative or missing versions of the builtins in advance.

Regards,
Martin



More information about the Python-list mailing list