[Python-Dev] new security doc using object-capabilities
Brett Cannon
brett at python.org
Sat Jul 22 19:30:23 CEST 2006
On 7/22/06, Armin Rigo <arigo at tunes.org> wrote:
> Re-hi,
>
> On Wed, Jul 19, 2006 at 03:35:45PM -0700, Brett Cannon wrote:
> >
http://svn.python.org/view/python/branches/bcannon-sandboxing/securing_python.txt?rev=50717&view=log
.
>
> I'm not sure I understand what you propose to fix holes like
> constructors and __subclasses__: it seems that you want to remove them
> altogether (and e.g. make factory functions instead). That would
> completely break all programs, right?
Not altogether, just constructors on select types who are considered
dangerous from a security standpoint. The breakage won't be horrible, but
it will be there for advanced Python code.
I will try to make the wording more clear when I get back to work on
Tuesday.
> I mean, there is no way such
> changes would go into mainstream CPython.
If this has to wait until Py3k then so be it.
> Or do you propose to maintain
> a CPython branch manually for the foreseeable future? (From experience
> this is a bad idea...)
>
Yeah, not my idea of fun either, but since this is a long term project, I
will at least need to for the foreseeable future.
-Brett
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/python-dev/attachments/20060722/3f1b39e2/attachment.htm
More information about the Python-Dev
mailing list