[Python-Dev] PEP 318: Security use case (original) (raw)
Samuele Pedroni pedronis at bluewin.ch
Wed Mar 31 08:22:19 EST 2004
- Previous message: [Python-Dev] PEP 318: Security use case
- Next message: [Python-Dev] PEP 318: Decorators last before colon
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
At 09:06 30.03.2004 -0500, Jeremy Hylton wrote:
On Tue, 2004-03-30 at 06:17, Ka-Ping Yee wrote: > Inner scopes are one of the best places to hide things in Python; > they are very difficult to get at. (I can't seem to find any > special attributes that access the values inside them, and even > if there is a way, it would be easy to imagine a restricted > execution mode that wouldn't expose them.)
It's by design that there is no meta way to get at bindings for free variables. I don't think I said anything about at in the PEP, but I was thinking of JAR's thesis (http://mumble.net/~jar/pubs/secureos/).
the only way I know to get at them is something like this (someone once asked on comp.lang.python):
def mk_acc(x=None): ... return lambda: x ... acc = mk_acc() import new def deref(cell): ... return new.function(acc.func_code,{},"#deref",(),(cell,))() ... def mk_test(y='foo'): ... return lambda : y ... deref(mk_test().func_closure[0]) 'foo'
so yes: they are difficult to get at, it's easy to imagine a restricted execution mode that wouldn't expose them, i.e. that wouldn't be hard part of such a design.
- Previous message: [Python-Dev] PEP 318: Security use case
- Next message: [Python-Dev] PEP 318: Decorators last before colon
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]