who is my caller?

[Remco Gerlich]

Clark C. Evans <cce at clarkevans.com> wrote in comp.lang.python:
> In many mud languages, you can query the
> call-stack to find out who called you.
> Is there a stack of function objects
> that can be obtained somehow?  Is this
> non-portable black magic?  
> 
> I'm asking beacuse this technique is
> often useful for implementing security
> (ok, not very good security)

if (this_player(1) != this_object())
   return !notify_fail("Back off, cheater.\n")
   
Ahh, the memories...

Anyways, yes, it's more like black magic in Python. There is a call stack
you can inspect, but only if you just caught an exception.

import sys

try:
   raise "whee"
except "whee":
   traceback = sys.exc_info()[2]
   # extract whatever info you need from the traceback
finally:
   del traceback # to avoid cyclic references

See the 'traceback' module to see how you can print out a traceback, etc.
You can also play around with the object in the interpreter to see what kind
of attributes it has, and its attributes, and...

But, what kind of security are you thinking of? You're not going to mix
untrusted code with server code in some sort of mud? The mud's code (like
LPC on a lpmud) has to run in some sort of sandbox, otherwise all the
server's internals will be open.

Python has 'rexec' to run things inside a sandbox, but I don't think it's
quite industrial strength enough to build a mud on. Too many good coders
with too much time trying to cheat :). There has been discussion before,
I seem to remember a module, but I can't think of it at the moment, search
around for "mud", "rexec", "python", that sort of thing...

-- 
Remco Gerlich