[Python-Dev] Challenge: Please break this! [Now with blog post]
P.J. Eby
pje at telecommunity.com
Tue Feb 24 16:26:13 CET 2009
At 03:52 PM 2/24/2009 +0100, Victor Stinner wrote:
>Le Tuesday 24 February 2009 15:46:04 Andrew Dalke, vous avez écrit :
> > A goal is to use this in App Engine, yes? Which uses cgitb to report
> > errors? Which needs these restricted frame attributes to report the
> > values of variables when the error occurred?
>
>We should be able to restore the original environment. Example:
>
> ...
> jail(evil_func) # called in the jail
> # unsafe environment with __subclasses__, f_code, etc.
> ...
Of course, you'll have to ensure that anything you do with data from
the jail is also jailed... that callbacks run in the jail,
etc. (This is one advantage of the RestrictedPython approach -- the
jailing of the restricted code isn't dependent on some global state;
it's wired right into the restricted code.)
More information about the Python-Dev
mailing list