[Python-Dev] In defense of Capabilities [was: doc for new restricted execution design for Python] (original) (raw)
Brett Cannon brett at python.org
Thu Jul 6 03:09:54 CEST 2006
- Previous message: [Python-Dev] In defense of Capabilities [was: doc for new restricted execution design for Python]
- Next message: [Python-Dev] what can we do to hide the 'file' type?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 7/5/06, Greg Ewing <greg.ewing at canterbury.ac.nz> wrote:
Michael Chermside wrote: > That leaves the other problem: auxiliary means of accessing > objects. There are things like gc.getobjects(). In the special > case of file, which is a type that's also dangerous, there are > tricks like "object().class.subclasses()". My approach to that would be to not provide access to these kinds of things via attributes, but via builtin functions. E.g there wouldn't be a subclasses attribute, but a subclasses() function. Then that capability can be denied by not providing that function.
subclasses is a function. And yes, if we go this route, that is what would happen most likely. The trick is figuring out any and all ways one can get to 'file' from a standard interpreter prompt.
-Brett -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/python-dev/attachments/20060705/796de055/attachment.htm
- Previous message: [Python-Dev] In defense of Capabilities [was: doc for new restricted execution design for Python]
- Next message: [Python-Dev] what can we do to hide the 'file' type?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]