[Python-Dev] In defense of Capabilities [was: doc for new restricted execution design for Python]
Nick Coghlan
ncoghlan at gmail.com
Sat Jul 8 03:39:04 CEST 2006

Brett Cannon wrote:
> Good point. C code could circumvent the bit check by doing all of the
> work behind the scenes without pushing the object on the stack. But if
> the check is in the C code for the object itself it is much harder to
> get around.

C code can circumvent the bit check by calling fopen() directly and pushing
something onto the stack that isn't even recognised by the interpreter as a
file object :)

You *have* to trust C code completely before importing it, because it has
access to the platform C library and can do whatever the heck it wants.

Cheers,
Nick.

--
Nick Coghlan | ncoghlan at gmail.com | Brisbane, Australia
---------------------------------------------------------------
http://www.boredomandlaziness.org
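
A toy model of the point made in the message above, added here as an illustration; it is not code from this thread or from CPython. The type tags, `push()`, the two open functions and the `trusted` allowlist are all hypothetical names, and `/dev/null` is assumed to exist.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: interpreter values carry a type tag, and in
   restricted mode the interpreter refuses to push file objects. */
enum tag { T_INT, T_FILE, T_OPAQUE };
struct obj { enum tag tag; void *ptr; };

static struct obj stack[8];
static int sp, restricted = 1;

/* The "bit check": it only fires for objects tagged as files. */
int push(struct obj o) {
    if (restricted && o.tag == T_FILE) return -1;   /* denied */
    if (sp >= 8) return -3;                         /* stack full */
    stack[sp++] = o;
    return 0;
}

/* Well-behaved built-in: wraps the handle in the interpreter's file type. */
int builtin_open(const char *path) {
    FILE *f = fopen(path, "r");
    if (!f) return -2;
    struct obj o = { T_FILE, f };
    int rc = push(o);
    if (rc != 0) fclose(f);
    return rc;
}

/* Extension code: calls the C library itself and pushes a value the
   interpreter does not recognise as a file, so the check never runs. */
int extension_open(const char *path) {
    FILE *f = fopen(path, "r");
    if (!f) return -2;
    struct obj o = { T_OPAQUE, f };
    return push(o);
}

/* The gate that still holds: decide trust before native code is loaded. */
static const char *trusted[] = { "math", "time" };  /* hypothetical allowlist */
int may_import_native(const char *name) {
    for (size_t i = 0; i < sizeof trusted / sizeof *trusted; i++)
        if (strcmp(name, trusted[i]) == 0) return 1;
    return 0;
}
```

In this model `builtin_open()` is refused while `extension_open()` succeeds on the same path, so the only decision with any effect is the one `may_import_native()` makes before the module runs.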