[Python-Dev] Reviving restricted mode?
P.J. Eby pje at telecommunity.com
Mon Feb 23 04:39:59 CET 2009
At 08:45 AM 2/22/2009 -0800, Guido van Rossum wrote:
> I've received some enthusiastic emails from someone who wants to revive restricted mode. He started out with a bunch of patches to the CPython runtime using ctypes, which he attached to an App Engine bug:
>
> http://code.google.com/p/googleappengine/issues/detail?id=671
>
> Based on his code (the file secure.py is all you need, included in secure.tar.gz) it seems he believes the only security leaks are __subclasses__, gi_frame and gi_code. (I have since convinced him that if we add "restricted" guards to these attributes, he doesn't need the functions added to sys.)
>
> I don't recall the exploits that Samuele once posted that caused the death of rexec.py -- does anyone recall, or have a pointer to the threads?

Just a question, but, if you just need a pure-python restricted environment for App Engine, why not just use the RestrictedPython package (i.e., http://pypi.python.org/pypi/RestrictedPython )?
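
Added example, not part of the original message, of secure.py, or of RestrictedPython: a source-level screen that flags the three attributes named in the quoted text before untrusted code is run. This is a different technique from the interpreter-level "restricted" guards discussed in the thread; the function name `find_guarded_access` and the sample input are assumptions made for illustration.

```python
import ast

# Attribute names the thread identifies as leaks out of restricted code.
GUARDED = {"__subclasses__", "gi_frame", "gi_code"}

def find_guarded_access(source):
    """Return sorted (line, reason) findings for untrusted source text."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Direct access: obj.gi_frame, cls.__subclasses__()
        if isinstance(node, ast.Attribute) and node.attr in GUARDED:
            findings.append((node.lineno, "attribute " + node.attr))
        # Indirect access through getattr(obj, name[, default])
        elif (isinstance(node, ast.Call)
              and isinstance(node.func, ast.Name)
              and node.func.id == "getattr"
              and len(node.args) >= 2):
            name = node.args[1]
            if isinstance(name, ast.Constant) and isinstance(name.value, str):
                if name.value in GUARDED:
                    findings.append((node.lineno, "getattr " + name.value))
            else:
                # Name computed at run time: cannot be cleared statically.
                findings.append((node.lineno, "getattr with dynamic name"))
    return sorted(findings)

# Constructed sample input, not taken from secure.py or the bug report.
SAMPLE = '''\
def gen():
    yield 1
g = gen()
a = object.__subclasses__()
b = g.gi_frame
c = getattr(g, "gi_code")
d = getattr(g, "gi_" + "code")
e = len("harmless")
'''

if __name__ == "__main__":
    for line, reason in find_guarded_access(SAMPLE):
        print(line, reason)
```

A name-based screen only covers spellings it can see in the source, so it complements runtime guards on these attributes rather than replacing them.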