[Python-Dev] doc for new restricted execution design for Python (original) (raw)

Brett Cannon brett at python.org
Thu Jul 6 01:11:14 CEST 2006

On 7/5/06, Michael Chermside <mcherm at mcherm.com> wrote:

Ka-Ping Yee writes: > If you mean getting from a trusted interpreter to an untrusted > interpreter -- then how is a resource going to travel between > interpreters? Brett Cannon responds: > Beats me, but I am always scared of Armin and Samuele. =) Okay, those two scare me also, but I would still rather not spread FUD.

I don't consider it FUD. Armin in an email said that he thought it was a losing battle to try to hide 'file' from an interpreter. That is what I am worried about, period. Everythign else can be protected through resource hiding.

Your proposal contains lots of details about how to

address the danger that Python objects can cross from one interpreter to another. Could we instead attack that straight-on and try to find a convincing proof that objects cannot possibly cross the interpreter barrier? If so, it would simplify a bit of your proposal, and make me feel a little less worried.

As I said to Ping, if people really think this is doable and are willing to help out with this, then fine, I am willing to give this a shot. But I know I don't personally know enough about every random corner of the code base like Armin and Samuele know in order to feel comfortable in claiming I can pull this off by myself.

-Brett -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/python-dev/attachments/20060705/db937623/attachment.htm

More information about the Python-Dev mailing list