[Python-Dev] Capabilities / Restricted Execution

[Scott Dial]

Phillip J. Eby wrote:
> A function's func_closure contains cell objects that hold the 
> variables.  These are readable if you can set the func_closure of some 
> function of your own.  If the overall plan includes the ability to restrict 
> func_closure setting (or reading) in a restricted interpreter, then you 
> might be okay.

Except this function (__getattribute__) has been trapped inside of a
class which does not expose it as an attribute. So, you shouldn't be
able to get to the func_closure attribute of the __getattribute__
function for an instance of the Guard class. I can't come up with a way
to defeat this protection, at least. If you have a way, then I'd be
interested to hear it.

-- 
Scott Dial
scott at scottdial.com
scodial at indiana.edu