[Python-Dev] new security doc using object-capabilities
Phillip J. Eby
pje at telecommunity.com
Sun Jul 23 22:45:54 CEST 2006
At 01:00 PM 7/23/2006 -0700, Brett Cannon wrote:
>I obviously don't want to change the feel of Python, but if I have to
>remove the constructor for code objects to prevent evil bytecode or
>__subclasses__() from object to prevent poking around stuff, then so be
>it. For this project, security is trumping backwards-compatibility when
>the latter is impossible in order to have the former. I will obviously
>try to minimize it, but something that works at such a basic level of the
>language is just going to require some changes for it to work.
Zope 3's sandboxing machinery manages to handle securing these things
without any language changes. So, declaring it "impossible" to manage
without backward compatibility seems inappropriate, or at least
incorrect. But perhaps there is something I'm missing?