[Python-Dev] Handling of sys.args (Re: User's complaints)

Brett Cannon brett at python.org
Fri Jul 14 23:30:17 CEST 2006 

On 7/14/06, Guido van Rossum <guido at python.org> wrote:
>
> Whoa, whoa. What's the *problem* we're trying to solve here?


I have a use case for sandboxing.  I am already having to plan to have a
mini-sys module in a sandbox so that they cannot get access to dangerous
things.

-Brett

On 7/14/06, Nick Coghlan <ncoghlan at gmail.com> wrote:
> > Greg Ewing wrote:
> > > Maybe sys needs to be split into two modules, with
> > > the non-sensitive one pre-imported (so that the
> > > importless interpreter you suggest wouldn't be
> > > unnecessarily crippled).
> >
> > Maybe not splitting it, but providing a read-only mechanism of getting
> at
> > certain elements, with "import sys" still being the way of *modifying*
> any of
> > these things.
> >
> > Relatively safe items (could be provided as attributes and methods of a
> > read-only class instance in builtins instead of as a module):
> >
> >    argv (as a tuple instead of a list)
> >    byteorder
> >    maxint
> >    maxunicode
> >    builtin_module_names
> >    copyright
> >    exc_info()
> >    exec_prefix
> >    executable
> >    exit([arg])
> >    getdefaultencoding()
> >    getfilesystemencoding()
> >    getwindowsversion()
> >    hexversion
> >    platform
> >    prefix
> >    stdin
> >    stdout
> >    stderr
> >    version
> >    version_info
> >    winver
> >
> >
> > Arguably privileged information (no real reason for non-privileged code
> to
> > know this stuff):
> >    subversion
> >    getcheckinterval()
> >    getdlopenflags()
> >    dllhandle
> >    _current_frames()
> >    getrefcount(object)
> >    getrecursionlimit()
> >    _getframe([depth])
> >    __displayhook__
> >    __excepthook__
> >    __stdin__
> >    __stdout__
> >    __stderr__
> >    api_version
> >    warnoptions
> >    tracebacklimit
> >    displayhook(value)
> >    excepthook(type, value, traceback)
> >    ps1
> >    ps2
> >
> >
> > Definitely privileged operations:
> >    Actually *setting* any of the above to something different
> >    modules
> >    path
> >    exc_clear()
> >    setcheckinterval(interval)
> >    setdefaultencoding(name)
> >    setdlopenflags(n)
> >    setprofile(profilefunc)
> >    setrecursionlimit(limit)
> >    settrace(tracefunc)
> >    settscdump(on_flag)
> >
> > Cheers,
> > Nick.
> >
> > --
> > Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia
> > ---------------------------------------------------------------
> >              http://www.boredomandlaziness.org
> > _______________________________________________
> > Python-Dev mailing list
> > Python-Dev at python.org
> > http://mail.python.org/mailman/listinfo/python-dev
> > Unsubscribe:
> http://mail.python.org/mailman/options/python-dev/guido%40python.org
> >
>
>
> --
> --Guido van Rossum (home page: http://www.python.org/~guido/)
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> http://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe:
> http://mail.python.org/mailman/options/python-dev/brett%40python.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/python-dev/attachments/20060714/42f411c8/attachment-0001.html

More information about the Python-Dev mailing list