[Python-Dev] In defense of Capabilities [was: doc for new restricted execution design for Python] (original) (raw)

Greg Ewing greg.ewing at canterbury.ac.nz
Thu Jul 6 02:59:21 CEST 2006

• Previous message: [Python-Dev] In defense of Capabilities [was: doc for new restricted execution design for Python]
• Next message: [Python-Dev] In defense of Capabilities [was: doc for new restricted execution design for Python]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Michael Chermside wrote:

That leaves the other problem: auxiliary means of accessing objects. There are things like gc.getobjects(). In the special case of file, which is a type that's also dangerous, there are tricks like "object().class.subclasses()".

My approach to that would be to not provide access to these kinds of things via attributes, but via builtin functions. E.g there wouldn't be a subclasses attribute, but a subclasses() function. Then that capability can be denied by not providing that function.

-- Greg

• Previous message: [Python-Dev] In defense of Capabilities [was: doc for new restricted execution design for Python]
• Next message: [Python-Dev] In defense of Capabilities [was: doc for new restricted execution design for Python]
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list