killing thread ?
Jp Calderone
exarkun at intarweb.us
Fri Jan 24 14:53:42 EST 2003
On Fri, Jan 24, 2003 at 01:35:41PM -0500, Tim Peters wrote:
> [Jp Calderone]
> > ...
> > It is currently not possible to write a secure sandbox in
> > Python. I'm not sure if you can call that a bug; it's certainly
> > unfortunate.
>
> Just curious: does there exist a programming language in which it is
> possible do this? If so, who guarantees it, and via what kind of validation
> process?
>
Implementations tend to fall short, even if the language specifies that
such security is possible. Java and Javascript claim it, and fall short.
You -could- make a Python implementation that claimed it, there's nothing
about the language that inherently prevents it that I know about. Actually
there's been talk recently on python-dev on how to handle the secure parts
of Python, possibly doing a fork of the interpreter, or a separate dev tree
to try to make the supposedly secure features actually secure, etc. What's
my point? I'm not sure :) I guess my answer is this: I don't know of any
language implementation that tries and succeeds at this goal.
Jp
--
"Pascal is Pascal is Pascal is dog meat."
-- M. Devine and P. Larson, Computer Science 340
--
up 39 days, 23:49, 2 users, load average: 0.74, 0.69, 0.60
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-list/attachments/20030124/3197139b/attachment.sig>
More information about the Python-list
mailing list