[Python-Dev] Security capabilities in Python
Eyal Lotem
eyal.lotem at gmail.com
Sun Apr 10 18:08:01 CEST 2005
It may be really hard to get it right, unless we are overlooking some simple
solution.
I disagree that we should "just use OS protections".
The reason I am interested in Pythonic protection is because it is so much
more powerful than OS protections. The capability model is much more
powerful than the ACL model used by all OS's these days, and allows for
interesting security concepts.
What about implementing the facet in C? This could avoid the class of
problems you have just mentioned.
On Apr 9, 2005 2:02 PM, James Y Knight <foom at fuhm.net> wrote:
> On Apr 9, 2005, at 5:37 PM, Ka-Ping Yee wrote:
> > Let me know if you figure out how to defeat that.
>
> You can protect against this, too, but it does show that it's *really*
> hard to get restricting code right...I'm of the opinion that it's not
> really worth it -- you should just use OS protections.
>
> untrusted_module.py:
>
> class foostr(str):
> def __eq__(self, other):
> return True
>
> def have_at_it(immutable_facet, readonly_facet):
> getattr(immutable_facet, foostr('append'))(5)
> print immutable_facet
>
> James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/python-dev/attachments/20050410/600d8b8e/attachment.htm
More information about the Python-Dev
mailing list