"a better input"

holger krekel pyth at devel.trillke.net
Thu May 9 05:57:52 EDT 2002


Gareth McCaughan wrote:
> Alex Martelli wrote:
> 
> [I said:]
> > >> To expand: we could really do with something that lets the user
> > >> enter "46" or "0x1234" or "'walrus'" or "-2+6j" or "[1,'a',{3:4}]"
> > >> and returns the same as |input| does for those, but that doesn't
> > >> permit "f(123)" or "2**2002" or "[x for x in [1,2,3]]".
> > 
> > You'll have to pin that down more closely, as I can't see any
> > easily definable difference between operators used as in:
> >         -2+6j
> > and operators used as in:
> >         2**6
> > yet apparently you want to allow the former but forbid the latter
> > (why? what is gained in forcing people to do this in their head?).
> 
> I don't actually mind if an input() replacement evaluates 2+3.
> I do mind if it is able to do arbitrary computation, where
> "arbitrary" is fuzzily defined to cover things like
> 
>   1 anything that could take a large amount of time or
>     memory to compute;
> 
>     (rationale: we don't want to facilitate DoS attacks;
>     users will find it counterintuitive if what they think
>     of as reading a value can consume unbounded resources.)
> 
>   2 anything that could compromise security if an attacker
>     were allowed to decide what got read by input();
> 
>     (rationale: obvious.)
> 
>   3 anything that can't be explained quite accurately and
>     quite quickly to a non-expert.
> 
>     (rationale: whatever input() does, we want to be able
>     to explain it; one of Python's big attractions is that
>     it's easy for beginners to get their heads round.)

IMO, don't add such things to Python. If you really need
such security, use the mechanisms of your
OS, e.g. restricted execution or even Jails/BSD or UserModeLinux,
which give you security on the *system call* level even
if you are executing as *root*. This way you can still
use the full power of any C-extension or cmdline-tool...

That's a fundamentally better approach than fiddling
with some functions in Python and quite possibly bloating
the API and the language.

    holger
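
An added example, not part of the original thread: one way to build the reader described in the quoted request, accepting the listed literals and rejecting calls, `**` and comprehensions by rebuilding the value from a whitelist of AST nodes instead of calling `eval()`. The name `read_literal` and the `MAX_CHARS`/`MAX_DEPTH` caps are assumptions chosen for illustration; Python 3.8 or later is assumed.

```python
import ast

MAX_CHARS = 1000  # assumed cap on input size (bounds parse time and memory)
MAX_DEPTH = 20    # assumed cap on container nesting

def _num(node):
    """Numeric constant, optionally carrying a unary + or - sign."""
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, (ast.UAdd, ast.USub)):
        value = _num(node.operand)
        return -value if isinstance(node.op, ast.USub) else value
    if isinstance(node, ast.Constant) and type(node.value) in (int, float, complex):
        return node.value
    raise ValueError("not a numeric literal")

def _convert(node, depth=0):
    """Rebuild the value from whitelisted AST nodes; nothing is ever eval()'d."""
    if depth > MAX_DEPTH:
        raise ValueError("literal nested too deeply")
    if isinstance(node, ast.Constant):
        if node.value is None or type(node.value) in (bool, int, float, complex, str, bytes):
            return node.value
    elif isinstance(node, ast.UnaryOp):
        return _num(node)
    elif isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Sub)):
        # The only binary form accepted is <real> +/- <imaginary>, e.g. -2+6j.
        left, right = _num(node.left), _num(node.right)
        if type(left) in (int, float) and type(right) is complex:
            return left + right if isinstance(node.op, ast.Add) else left - right
    elif isinstance(node, (ast.List, ast.Tuple, ast.Set)):
        items = [_convert(e, depth + 1) for e in node.elts]
        return {ast.List: list, ast.Tuple: tuple, ast.Set: set}[type(node)](items)
    elif isinstance(node, ast.Dict):
        keys = [_convert(k, depth + 1) for k in node.keys]
        return dict(zip(keys, (_convert(v, depth + 1) for v in node.values)))
    # Calls, names, **, comprehensions, attribute access, ... all end up here.
    raise ValueError("disallowed syntax: " + type(node).__name__)

def read_literal(text):
    """Parse one Python literal from untrusted text; raise ValueError otherwise."""
    if len(text) > MAX_CHARS:
        raise ValueError("input too long")
    try:
        return _convert(ast.parse(text.strip(), mode="eval").body)
    except (SyntaxError, TypeError, MemoryError, RecursionError) as exc:
        raise ValueError("not a literal: %r" % text[:40]) from exc
```

The standard library's `ast.literal_eval` applies the same whitelist idea, without a size or depth cap of its own.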
