[Python-Dev] Capabilities / Restricted Execution (original) (raw)

Talin talin at acm.org
Tue Jul 11 20:10:34 CEST 2006

• Previous message: [Python-Dev] Capabilities / Restricted Execution
• Next message: [Python-Dev] Capabilities / Restricted Execution
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Scott Dial wrote:

Phillip J. Eby wrote:

A function's funcclosure contains cell objects that hold the variables. These are readable if you can set the funcclosure of some function of your own. If the overall plan includes the ability to restrict funcclosure setting (or reading) in a restricted interpreter, then you might be okay. Except this function (getattribute) has been trapped inside of a class which does not expose it as an attribute. So, you shouldn't be able to get to the funcclosure attribute of the getattribute function for an instance of the Guard class. I can't come up with a way to defeat this protection, at least. If you have a way, then I'd be interested to hear it.

I've thought of several ways to break it already. Some are repairable, I'm not sure that they all are.

For example, neither of the following statements blows up:

print t2.get_name.func_closure[0]
print object.__getattribute__( t2, '__dict__' )

Still, its perhaps a useful basis for experimentation.

-- Talin

• Previous message: [Python-Dev] Capabilities / Restricted Execution
• Next message: [Python-Dev] Capabilities / Restricted Execution
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list