Creating a capabilities-based restricted execution system

Aahz aahz at
Sun Jan 4 04:47:51 CET 2004

In article <vveohcpod4oje0 at>,
John Roth <newsgroups at> wrote:
>"Aahz" <aahz at> wrote in message
>news:bt7lbp$ovg$1 at
>> In article <vveg0bb6is2f60 at>,
>> John Roth <newsgroups at> wrote:
>>>Restricted Python was withdrawn because of a number of holes, of which
>>>new style classes were the last straw.
>> RestrictedPython was *not* withdrawn; rexec was withdrawn.  This is a
>> difficult enough issue to discuss without confusing different modules.  See
>I'm not sure what you're trying to say. The Zope page you reference
>says that they were (prior to 2.1) doing things like modifying generated
>byte code and reworking the AST. That's fun stuff I'm sure, but it
>doesn't have anything to do with "Restricted Execution" as defined in the
>Python Library Reference, Chapter 17, which covers Restricted Execution,
>RExec and Bastion (which was also withdrawn.)
>If I confused you with a subtle nomenclature difference, sorry. I don't
>care what Zope is doing or not doing, except for the fact that it seems
>to come up in this discussion. I'm only concerned with what Python is
>(or is not) doing. The approach in the Wiki page you pointed to does,
>however, seem to be a substantially more bullet-proof approach than
>Python's Restricted Execution.

Well, I don't care what you do or don't care about, but I do care that
if you're going to post in a thread that you actually read what you're
responding to and that you post accurate information.  If you go back to
the post that started this thread, it's quite clear that the reference
was specifically to Zope's RestrictedPython.
Aahz (aahz at           <*>

Weinberg's Second Law: If builders built buildings the way programmers wrote 
programs, then the first woodpecker that came along would destroy civilization.

More information about the Python-list mailing list