killing thread ?

Jp Calderone exarkun at intarweb.us
Fri Jan 24 20:53:42 CET 2003


On Fri, Jan 24, 2003 at 01:35:41PM -0500, Tim Peters wrote:
> [Jp Calderone]
> > ...
> > It is currently not possible to write a secure sandbox in
> > Python.  I'm not sure if you can call that a bug; it's certainly
> > unfortunate.
> 
> Just curious:  does there exist a programming language in which it is
> possible do this?  If so, who guarantees it, and via what kind of validation
> process?
> 

  Implementations tend to fall short, even if the language specifies that
such security is possible.  Java and Javascript claim it, and fall short. 
You -could- make a Python implementation that claimed it, there's nothing
about the language that inherently prevents it that I know about.  Actually
there's been talk recently on python-dev on how to handle the secure parts
of Python, possibly doing a fork of the interpreter, or a separate dev tree
to try to make the supposedly secure features actually secure, etc.  What's
my point?  I'm not sure :)  I guess my answer is this: I don't know of any
language implementation that tries and succeeds at this goal.

  Jp

-- 
"Pascal is Pascal is Pascal is dog meat."
                -- M. Devine and P. Larson, Computer Science 340
-- 
 up 39 days, 23:49, 2 users, load average: 0.74, 0.69, 0.60
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-list/attachments/20030124/3197139b/attachment.pgp>


More information about the Python-list mailing list