who is my caller?
Carlos Alberto Reis Ribeiro
cribeiro at mail.inet.com.br
Tue Mar 27 12:37:59 EST 2001
At 10:15 27/03/01 -0500, Clark C. Evans wrote:
>This brings up another question, if I
>have a function can I get the module
>handle; or if I have a bound-function can
>I fetch the object that it is part of?
I suggested a similar problem on my recent comment about proxies/adapters.
You could use a proxy to handle security. Plese check my recent posts on
this for details:
1) External code logs in and ask the object for a interface.
2) Your object returns a proxy object containing *only* the authorized methods.
3) When the external code calls some method through the proxy, your object
checks to see if the call comes from the proxy or from some other object.
The test is done on the address of the caller object.
4) One advantage of this is that the signature of the proxy can't be forged
in the stack, because it's the address of the proxy itself. This keeps
being true even if the call is hacked through im_self (in this case, the
caller would be im_self).
In order for this to work, we need to answer these questions:
Q1) Do we have this information on the stack? More specifically, in the
case of a proxied call (using my MakeAdapter implementation), do we know
that the call was done through the proxy?
Q2) Can we be sure that Python objects keep the same memory address at all
times? I ssume so - it would be very hard to have them moving in memory at
will :-)
I think we can make it work. May be a fix to the Python stack
implementation would be needed for the proxied call. However, it should not
be very hard to do it (I haven't checked the sources yet - I'm tied to my
windows machine for now, without gcc, and I'll only turn my linux box in
the next two weeks or so).
Carlos Ribeiro
More information about the Python-list
mailing list