[Python-Dev] Capabilities / Restricted Execution
Phillip J. Eby
pje at telecommunity.com
Tue Jul 11 20:09:37 CEST 2006
At 01:30 PM 7/11/2006 -0400, Scott Dial wrote:
>Phillip J. Eby wrote:
> > A function's func_closure contains cell objects that hold the
> > variables. These are readable if you can set the func_closure of some
> > function of your own. If the overall plan includes the ability to
> restrict
> > func_closure setting (or reading) in a restricted interpreter, then you
> > might be okay.
>
>Except this function (__getattribute__) has been trapped inside of a
>class which does not expose it as an attribute. So, you shouldn't be
>able to get to the func_closure attribute of the __getattribute__
>function for an instance of the Guard class.
That doesn't matter, because it's the *returned* function's func_closure
that's at issue. That is, proxy_attr.func_closure[0] is the cell for the
'attr' value.
More information about the Python-Dev
mailing list