[Python-Dev] Python jail: whitelist vs blacklist
Christian Heimes
lists at cheimes.de
Tue Feb 24 18:16:06 CET 2009
Victor Stinner wrote:
> This approach was implemented in PyPy using two interpreters.
>
> In CPython, we may use proxies on anything to check all operations.
> jail -- validations --> real world
> jail <-- proxy objects -- real world
>
> tav's jail might be converted to the whitelist approach:
> - add proxy to __builtins__
> - add proxy to globals()
> - add proxy to dir()
> - ... well, add proxies to anything going to the jail ;-) and make sure that
> a proxy can not be modified by itself or read private attributes
>
> My approach is maybe naive and imposible to implement :-)
Something similar to your approach is already implemented in Zope 3's
security system. Have a look at
http://svn.zope.org/zope.security/trunk/src/zope/security/
Christian
More information about the Python-Dev
mailing list