[Python-Dev] rexec.py unuseable

Martin v. Löwis martin at v.loewis.de
Sat Dec 20 04:52:04 EST 2003


Luke Kenneth Casson Leighton <lkcl at lkcl.net> writes:

>  so like i said, i believe it to be a relatively simple job to spec
>  out how to add the means _by which_ ACLs can be usefully evaluated.
[...]
>  is this making sense at all?

I now see the problem more clearly: *All* you are trying to explain is
"How can I arrange that some sort of policy is applied to function calls".
Your ACL system does not do anything else: It just applies some policy,
and arranges to restrict callers.

This has nothing to do with rexec, though. In your system, by default,
restriction applies to all callers. In rexec, there is a clear
distinction between restricted callers, and unrestricted code. By
default, all code is unrestricted, and code gets restricted by
declaring it so (by having a different set of builtins); restriction
automatically propagates to all code imported in restricted mode.

This is not possible to achieve with ACLs.

Regards,
Martin




More information about the Python-list mailing list