Creating a capabilities-based restricted execution system

Sean R. Lynch seanl at chaosring.org
Sat Jan 3 16:38:09 EST 2004


Martin v. Löwis wrote:
> "Sean R. Lynch" <seanl at chaosring.org> writes:
> 
> 
>>RestrictedPython avoids this by removing the type() builtin from the
>>restricted __builtins__, and it doesn't allow untrusted code to create
>>names that start with _.
> 
> 
> Ah, ok. That might restrict the usefulness of the package (perhaps
> that is what "restricted" really means here :-).
> 
> People would not normally consider the type builtin insecure, and
> might expect it to work. If you restrict Python to, say, just integers
> (and functions thereof), it may be easy to see it is safe - but it is
> also easy to see that it is useless.
> 
> The challenge perhaps is to provide the same functionality as rexec,
> without the same problems.

Well, I'm providing a same_type function that compares types. What else 
do you want to do with type()? The other option is to go the Zope3 route 
and provide proxies to the type objects returned by type().
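
A minimal sketch of the two restrictions discussed in this thread (no type() in the restricted builtins, no identifiers starting with _) together with a same_type helper. This is an added example, not code from the post or from RestrictedPython; SAFE_BUILTINS, check_source and run_restricted are hypothetical names, and it assumes the underscore rule also covers attribute names.

```python
import ast

def same_type(a, b):
    """Compare the types of two objects without returning a type object."""
    return type(a) is type(b)

# Constructed allow-list for the example: type() is deliberately absent.
SAFE_BUILTINS = {"len": len, "int": int, "str": str, "same_type": same_type}

# AST fields that hold identifiers: Name.id, Attribute.attr, def/class/alias
# names, and argument/keyword names.
IDENT_FIELDS = ("id", "attr", "name", "asname", "arg")

def check_source(src):
    """Return every identifier in src that starts with an underscore."""
    bad = []
    for node in ast.walk(ast.parse(src)):
        for field in IDENT_FIELDS:
            value = getattr(node, field, None)
            if isinstance(value, str) and value.startswith("_"):
                bad.append(value)
    return bad

def run_restricted(src):
    """Reject underscore identifiers, then exec with the reduced builtins."""
    bad = check_source(src)
    if bad:
        raise ValueError("underscore names not allowed: %s" % ", ".join(bad))
    env = {"__builtins__": SAFE_BUILTINS}
    exec(compile(src, "<untrusted>", "exec"), env)
    return env

if __name__ == "__main__":
    # Constructed inputs: a type comparison that works, and a rejected attribute.
    print(run_restricted("r = same_type(1, 2)")["r"])
    print(check_source("t = obj.__class__"))
```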


