Private variables

Timothy J. Wood tjw at omnigroup.com
Sat Oct 19 00:59:48 EDT 2002


On Friday, October 18, 2002, at 08:16  PM, Erik Max Francis wrote:
> But how would these security implications be any different from such a
> user downloading and installing _any_ old software on their machine?
> Software is software, if you're downloading, installing, and running
> software on your own machine you have to take some responsibility for
> it.

   Natively running software has access to full OS services.  This would 
not.  As I said before, I would remove from the Python runtime all 
direct OS services that could be security problems and route them 
through my own game-specific APIs.


> After all, someone could (by other means) have a compromised system
> where the Python interpreter has been replaced such that innocuous
> scripts turn malicious.  That's hardly something you should take into
> account when writing Python software, however.

   I'm talking about an embedded interpreter, so the user's normal 
Python installation (probably none) is not an issue.

> As I said, if you're looking for some minimal protection, see the rexec
> module.  I suspect you're chasing a ghost, though.

   I will probably look more at rexec.

   But in general terms, you can think of this just like running a Java 
applet in a web browser.  With a properly implemented web browser and 
JVM combination, running Java applets is safe.  Likewise, I want to 
remove all the direct OS services from Python and hook them up to 
services I will provide (which will also disallow insecure operations 
and as many DoS attacks as possible).

-tim
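Added example, not part of the original message: a sketch of one "game-specific API" of the kind described above, a file service that the host would hand to embedded scripts in place of `open()` and `os`. The names `GameFileService` and `ServiceDenied` are hypothetical, and the sketch assumes the interpreter exposes no other route to the filesystem.

```python
import os

class ServiceDenied(Exception):
    """Raised when a script asks for something the host refuses to do."""

class GameFileService:
    """Hypothetical host-side file API given to scripts instead of open()/os."""

    def __init__(self, root, quota_bytes=64 * 1024):
        self.root = os.path.realpath(root)
        self.quota_bytes = quota_bytes

    def _resolve(self, name):
        # realpath collapses ".." and follows symlinks, so the containment
        # check is made on the location that would actually be opened.
        path = os.path.realpath(os.path.join(self.root, name))
        try:
            inside = os.path.commonpath([self.root, path]) == self.root
        except ValueError:  # e.g. paths on different drives on Windows
            inside = False
        if not inside or path == self.root:
            raise ServiceDenied("path outside the game directory: %r" % name)
        return path

    def _used(self, skip):
        # Bytes currently stored under root, ignoring the file being replaced.
        total = 0
        for dirpath, _dirs, files in os.walk(self.root):
            for f in files:
                p = os.path.join(dirpath, f)
                if p != skip:
                    total += os.path.getsize(p)
        return total

    def write(self, name, data):
        path = self._resolve(name)
        # Refuse writes that would push total storage past the quota (disk-fill DoS).
        if self._used(skip=path) + len(data) > self.quota_bytes:
            raise ServiceDenied("quota exceeded")
        with open(path, "wb") as fh:
            fh.write(data)

    def read(self, name):
        with open(self._resolve(name), "rb") as fh:
            return fh.read(self.quota_bytes)
```

The containment check and the quota live in the host, so they hold whatever the script passes in; they do nothing about other builtins or modules still reachable from script code.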




