[Python-Dev] New miniconf module
Sylvain Fourmanoit
syfou at users.sourceforge.net
Wed Jul 26 22:45:35 CEST 2006
> miniconf, OTOH, appears to have an interface compatible with capability
> security (I have not checked that the compiler.ast module used in its
> implementation is safe.)
I wouldn't be 100% sure either (obviously, I didn't write this nice piece
of code, let alone the underlying parser), but I read it and tried to
abuse it without success (I haven't found obvious buffer overflow and
such)... As far as I know, the abstract syntax tree generation exposed
via compiler.ast is a safe operation, in the sense that it doesn't allow
execution of code when fed from arbitrary strings via
compiler.parse(); in the worst case scenario, it raises a SyntaxError or
similar exceptions, as documented... If anybody knows more on this issue, I
will be happy to hear about it.
> miniconf has a few limitations one should be aware of:
>
> - It is not preemptible: concurrent calls to dump() or load() will
> have unpredictable results and must be avoided.
>
> This limitation should be fixed before the module is added to the
> standard library, IMHO.
If this is the general opinion, I will be glad to change this...
The only reason miniconf is not thread-safe for the moment is that I
chose to re-use over and over a single instance of each of my two
processing classes to reduce resource usage, but this seems pretty
pointless (and overly complicated) now that I look at it.

Yours,
--
Sylvain <syfou at users.sourceforge.net>
Your files are now being encrypted and thrown into the bit bucket.
EOF
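
An added illustration of the approach discussed in this message, not miniconf's code: a loader that parses `name = literal` text into a tree and accepts only literal nodes, so nothing in the input is executed. It uses Python 3's `ast` module in place of the `compiler` package; `load`, `UnsafeConfigError`, `MAX_CHARS` and the sample strings are hypothetical and constructed for the example, and each call keeps its own state so concurrent calls do not interfere.

```python
import ast

MAX_CHARS = 64 * 1024  # assumed cap: huge or deeply nested input can exhaust the parser

class UnsafeConfigError(ValueError):
    """Input contains something other than `name = literal`."""

def _literal(node):
    """Turn an AST node into a value, accepting only literal node types."""
    if isinstance(node, ast.Constant):
        if node.value is None or type(node.value) in (str, bytes, int, float, complex, bool):
            return node.value
    elif isinstance(node, ast.List):
        return [_literal(e) for e in node.elts]
    elif isinstance(node, ast.Tuple):
        return tuple(_literal(e) for e in node.elts)
    elif isinstance(node, ast.Dict):
        if all(isinstance(k, ast.Constant) for k in node.keys):  # also rejects {**x}
            return {_literal(k): _literal(v) for k, v in zip(node.keys, node.values)}
    elif isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.USub, ast.UAdd)):
        inner = node.operand
        if isinstance(inner, ast.Constant) and type(inner.value) in (int, float, complex):
            return -inner.value if isinstance(node.op, ast.USub) else inner.value
    raise UnsafeConfigError("disallowed syntax: %s" % type(node).__name__)

def load(text):
    """Parse config text into a dict. All state is local to the call."""
    if len(text) > MAX_CHARS:
        raise UnsafeConfigError("input too large")
    tree = ast.parse(text, mode="exec")  # builds the tree only; nothing is run
    result = {}
    for stmt in tree.body:
        ok = (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
              and isinstance(stmt.targets[0], ast.Name))
        if not ok:
            raise UnsafeConfigError("line %d: only `name = literal` is allowed" % stmt.lineno)
        result[stmt.targets[0].id] = _literal(stmt.value)
    return result

# Constructed sample inputs (not taken from miniconf or from this thread).
SAMPLE = '''
host = "example.org"
port = 8080
retries = -1
paths = ["/a", "/b"]
opts = {"debug": False, "ratio": 0.5}
'''
HOSTILE = 'x = __import__("os").getcwd()'  # a call expression: must be rejected, never run
```

Malformed input still surfaces as a SyntaxError from `ast.parse`, which the caller should treat as a rejected file.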