Will nested scoping break restricted execution ??

[Tim Peters]

[rturpin at my-deja.com]
> I thought that the restricted execution module functioned
> partly by controlling the builtin, local, and global
> namespaces.

Right.

> With nested scoping, the namespace model becomes significantly
> more complex. Will the restricted execution module be badly
> affected by nested scoping?

Jeremy Hylton implemented nested scopes, and is also Guido's "security
geek".  I doubt he would tolerate compromise here.  But he'll have to speak
for himself, because I can only channel Guido <wink>.

My offhand *opinion* is that it's darned hard to see any way in which it
could hurt at all:  there's nothing you can do with nested functions that
you couldn't do before with classes and instance data.  Reaching outside the
module still requires getting at the builtins or module globals, and those
are still under control.  You can create an unbounded number of new local
namespaces within a single function now, but you can't bind the new local
names to anything that isn't visible in their scope, which means crawling up
the nested chain of scopes and again topping out at the globals or builtins.

> If so that is a bad trade. A really bad trade.

And if not so, it's not a trade at all <wink>.