[Python-Dev] In defense of Capabilities [was: doc for new restricted execution design for Python]

Brett Cannon brett at python.org
Sat Jul 8 04:01:27 CEST 2006


On 7/7/06, Nick Coghlan <ncoghlan at gmail.com> wrote:
>
> Brett Cannon wrote:
> >  Good point.  C code could circumvent the bit check by doing all of the
> > work behind the scenes without pushing the object on the stack.  But if
> > the check is in the C code for the object itself it is much harder to
> > get around.
>
> C code can circumvent the bit check by calling fopen() directly and
> pushing something onto the stack that isn't even recognised by the
> interpreter as a file object :)


Right, but you can take measures to prevent accidental circumvention.

> You *have* to trust C code completely before importing it, because it has
> access to the platform C library and can do whatever the heck it wants.


Yep.

-Brett
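The conclusion of the exchange above, as an added example that is not code from this thread or from CPython's restricted-execution work: since a C extension can call fopen() itself once loaded, no object-level check constrains it, so the trust decision has to be made at import time. The gate below allows pure-Python modules, allows native modules only from an allow-list, and records what it refused; the TRUSTED_NATIVE list is an assumption chosen for illustration.

```python
import sys
from importlib.abc import MetaPathFinder
from importlib.machinery import (BuiltinImporter, ExtensionFileLoader,
                                 PathFinder)

# Assumed policy (not from the thread): native modules reviewed and trusted.
TRUSTED_NATIVE = frozenset({"math", "_struct"})


def is_native(spec):
    """True if loading this spec runs C code: a compiled extension
    (.so/.pyd) or a module built into the interpreter binary."""
    return (isinstance(spec.loader, ExtensionFileLoader)
            or spec.loader is BuiltinImporter)


def decide(spec, trusted=TRUSTED_NATIVE):
    """Pure-Python modules are always allowed; native ones only when
    allow-listed, because after loading nothing can constrain them."""
    if not is_native(spec):
        return "allow"
    return "allow" if spec.name in trusted else "deny"


class NativeGate(MetaPathFinder):
    """Meta path finder for the head of sys.meta_path: resolves the spec
    with the stock finders, then refuses untrusted native modules."""

    def __init__(self, trusted=TRUSTED_NATIVE):
        self.trusted = frozenset(trusted)
        self.denied = []  # audit trail of refused imports

    def find_spec(self, fullname, path=None, target=None):
        spec = (BuiltinImporter.find_spec(fullname)
                or PathFinder.find_spec(fullname, path, target))
        if spec is None:
            return None  # unknown here; later finders report the error
        if decide(spec, self.trusted) == "deny":
            self.denied.append(fullname)
            raise ImportError(f"native module {fullname!r} is not trusted")
        return spec


def install(trusted=TRUSTED_NATIVE):
    """Gate every later import; returns the gate so denials can be audited."""
    gate = NativeGate(trusted)
    sys.meta_path.insert(0, gate)
    return gate
```

Modules already in sys.modules are never re-resolved, so the gate must be installed before any untrusted extension has been imported.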