Creating a capabilities-based restricted execution system

Sean R. Lynch seanl at chaosring.org
Sat Jan 3 21:24:10 CET 2004


I hate replying to myself, but I've written some more code. I hope to 
have something posted soon so people can rip it apart without needing to 
resort to conjecture  :)

I had been considering using a name-mangled setattr for doing attribute 
assignment to only allow assignment to attributes on descendants of the 
class one was writing methods on, but it occurred to me that I could 
probably treat "self" as a special name using only compiler 
modifications, so I could eliminate RestrictedPython's need to turn all 
Getattrs and AssAttrs (shouldn't it be GetAttr) into method calls. Now, 
of course, I'm limited to static checks on names to control access, but 
Python already disallows, for example, access to f.func_globals, and 
RestrictedPython disallows names that begin with underscore.

Now I need to write a bunch of code that uses this system and attempts 
to break it  :)



More information about the Python-list mailing list