[Python-Dev] Taint Mode in Python 3.0
Maciej Fijalkowski
fijall at gmail.com
Fri Dec 5 00:38:25 CET 2008
Hello,
The thing is pypy's taint code is broken. Basically you don't only
need to patch all places that return pyobject, but also all places
that might modify anything. (All side effects) For example innocently
looking call to addition might end up calling arbitrary python code
(and have arbitrary side effects). There is a question how do you
approach such things?
Cheers,
fijal
On Fri, Dec 5, 2008 at 12:29 AM, Amaury Forgeot d'Arc
<amauryfa at gmail.com> wrote:
> Hello,
>
> On Thu, Dec 4, 2008 at 19:36, Nicole King <nicole at cats-muvva.net> wrote:
>> Dear All,
>>
>> I have published the diff for my implementation of tainted mode in Python for
>> R3.0 (released version) at http://www.cats-muvva.net/software/. Look at the
>> bottom the page. I apologise for past problems accessing this web site: I
>> hope to have resolved all the issues with it.
>
> The patch is indeed huge! it seems that every function that returns a
> PyObject must be modified.
> And it seems very difficult to check for its correctness.
>
> Did you look at the Pypy project? The C code of the interpreter is
> generated, and it already proposes a "Taint" option at translation
> time.
> http://codespeak.net/pypy/dist/pypy/doc/objspace-proxies.html#taint
> With only 300 lines of elegant python code...
>
> --
> Amaury Forgeot d'Arc
> _______________________________________________
> Python-Dev mailing list
> Python-Dev at python.org
> http://mail.python.org/mailman/listinfo/python-dev
> Unsubscribe: http://mail.python.org/mailman/options/python-dev/fijall%40gmail.com
>
More information about the Python-Dev
mailing list