[Python-Dev] doc for new restricted execution design for Python

Fuzzyman fuzzyman at voidspace.org.uk
Tue Jul 4 13:08:21 CEST 2006


Ka-Ping Yee wrote:

Hi Brett,

Here are some comments on the description of the restricted execution model that you posted. [snip...]

Filesystem
==========

The most obvious facet of a filesystem to protect is reading from it. One does not want what is stored in /etc/passwd to get out. And one also does not want writing to the disk unless explicitly allowed for basically the same reason; if someone can write /etc/passwd then they can set the password for the root account.

There's a big difference between modifying (or erasing) an existing file and writing a new file (e.g. for temporary storage). If I give you a little filesystem of your own to play in, and it starts out empty, you can put whatever you want in it without violating my secrecy or the integrity of my files. I think you should be talking about this in terms of specifically what abilities you want to be able to allow, based on examples of real-life applications.

As an adjunct to this, one of the barriers to Javascript applications is the lack of client-side data persistence.

This makes (amongst other things) offline, or entirely client-side, applications very difficult. All sorts of novel ways round this have been found [ http://codinginparadise.org/weblog/2006/04/now-in-browser-near-you-offline-access.html ].

If a 'standard' interpreter running in the browser had sandboxed access to the filesystem, this would be great.

Of course Mozilla would probably disable it by default, and only provide horrific means for users to re-enable it [ http://www.mozilla.org/editor/midasdemo/securityprefs.html ].

All the best,

Michael Foord http://www.voidspace.org.uk/python/index.shtml

-- ?!ng
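The distinction Ka-Ping draws above (creating new files in an initially empty private area versus modifying or erasing files that already exist) can be made concrete as a capability object. The following is an added example written for this page; it is not code from Brett's design document, from this thread, or from CPython. The class name SandboxFS, its methods and the demo function are assumptions chosen for illustration, and the code assumes a POSIX filesystem (O_EXCL semantics and symlinks).

```python
import os
import tempfile
from pathlib import Path


class SandboxFS:
    """Hypothetical capability handing out a private, initially empty directory.

    Code holding this object may create new files inside the directory and read
    them back.  It can neither reach files outside the directory nor modify or
    erase a file that already exists.
    """

    def __init__(self, root):
        self.root = Path(root).resolve()
        self.root.mkdir(parents=True, exist_ok=True)

    def _resolve(self, name):
        # Resolve '..' components and symlinks first, then check containment.
        # A name like '../outside', an absolute path, or a symlink that points
        # outside the sandbox all resolve to a path whose parents do not
        # include the sandbox root and are therefore rejected.
        target = (self.root / name).resolve()
        if self.root not in target.parents:
            raise PermissionError("path escapes sandbox: %r" % name)
        return target

    def create(self, name, data):
        """Write a brand-new file; refuse to touch one that already exists."""
        target = self._resolve(name)
        target.parent.mkdir(parents=True, exist_ok=True)
        # O_EXCL makes the existence check and the creation a single atomic
        # step, so a file that appears between check and open is never
        # clobbered; an existing file raises FileExistsError.
        fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        return target

    def read(self, name):
        """Read a file back, subject to the same containment check."""
        target = self._resolve(name)
        with open(target, "rb") as f:
            return f.read()


def demo():
    """Exercise the capability and return a mapping of operation -> outcome."""
    outcomes = {}
    with tempfile.TemporaryDirectory() as tmp:
        # Constructed sample layout: a file the sandbox must not see, and the
        # sandbox's own empty directory beside it.
        outside = Path(tmp) / "secret.txt"
        outside.write_bytes(b"not for sandboxed code")
        fs = SandboxFS(Path(tmp) / "sandbox")

        fs.create("notes/today.txt", b"offline data")
        outcomes["read_back"] = fs.read("notes/today.txt")

        try:
            fs.create("notes/today.txt", b"overwritten")
            outcomes["overwrite"] = "allowed"
        except FileExistsError:
            outcomes["overwrite"] = "refused"

        # A symlink planted inside the sandbox that points outside it.
        os.symlink(outside, fs.root / "link")

        for name in ("../secret.txt", "/etc/passwd", "link"):
            try:
                fs.read(name)
                outcomes[name] = "allowed"
            except PermissionError:
                outcomes[name] = "refused"
    return outcomes


if __name__ == "__main__":
    for op, result in demo().items():
        print("%-16s %s" % (op, result))
```

The key design choice is that the check happens on the fully resolved path rather than on the string the caller supplied, and that creation uses O_EXCL so "new file only" is enforced by the operating system rather than by a check-then-act sequence that could be raced.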




