Security of Bastion and RExec (was Re: Private variables

[Paul Wright]

In article <mailman.1034912543.20259.python-list at python.org>,
Delaney, Timothy <tdelaney at avaya.com> wrote:
> From: Timothy J. Wood [mailto:tjw at omnigroup.com]
>> 
>> Is there any way to have truly private instance variables in Python?
>> 
>> My situation is this -- I'm going to be working on a module that
>> has C 'native methods'.  Several of the Python classes will
>> correspond to C structures that will be used in these native
>> methods.  Additionally, I'll want to allow (along with other
>> security measures) to be able to safely run third-party code that
>> uses my module.
>
>If your users must truly be considered as adversaries (i.e. you
>*cannot* trust them) then Python is not the correct language to use.

I thought that the RExec and Bastion modules could be combined to
provide the sort of security the original poster was asking about (which
seems to be restricting object attribute access). Is this not so, or are
you talking about something else here? 

I did notice from the RExec HOWTO
<http://py-howto.sourceforge.net/rexec/node3.html> that it's impossible
to prevent denial of service type attacks from resource exhaustion, say.
(Unless you're willing to start forking processes).

I'd also mention mxProxy at this point as another restricted
environment I've come across:
<http://www.lemburg.com/files/python/mxProxy.html>

-- 
Paul Wright | http://pobox.com/~pw201 |