Creating a capabilities-based restricted execution system
Sean R. Lynch
seanl at chaosring.org
Sat Jan 3 15:24:10 EST 2004

I hate replying to myself, but I've written some more code. I hope to
have something posted soon so people can rip it apart without needing to
resort to conjecture :)

I had been considering using a name-mangled setattr for doing attribute
assignment to only allow assignment to attributes on descendants of the
class one was writing methods on, but it occurred to me that I could
probably treat "self" as a special name using only compiler
modifications, so I could eliminate RestrictedPython's need to turn all
Getattrs and AssAttrs (shouldn't it be GetAttr?) into method calls. Now,
of course, I'm limited to static checks on names to control access, but
Python already disallows, for example, access to f.func_globals, and
RestrictedPython disallows names that begin with underscore.

Now I need to write a bunch of code that uses this system and attempts
to break it :)
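
The static rules described in this message (no names beginning with an underscore, attribute assignment only through `self`), as an added example that is not Sean Lynch's code or RestrictedPython's. It uses the modern standard-library `ast` module rather than the 2004 compiler package; the function name `check_source` and the `Account` sample are made up for illustration, and the checker also rejects rebinding of `self`, which the rule depends on.

```python
import ast

def check_source(source):
    """Return sorted (lineno, message) pairs for every rule violation."""
    tree = ast.parse(source)
    problems = []
    # "self" may be bound only as the first parameter of an undecorated
    # function defined directly in a class body.
    method_self = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.ClassDef):
            for item in node.body:
                if isinstance(item, ast.FunctionDef) and not item.decorator_list:
                    params = item.args.posonlyargs + item.args.args
                    if params and params[0].arg == "self":
                        method_self.add(params[0])
    for node in ast.walk(tree):
        line = getattr(node, "lineno", 0)
        if isinstance(node, ast.Attribute):
            if node.attr.startswith("_"):
                problems.append((line, f"underscore attribute {node.attr!r}"))
            on_self = isinstance(node.value, ast.Name) and node.value.id == "self"
            if isinstance(node.ctx, (ast.Store, ast.Del)) and not on_self:
                problems.append((line, f"assignment to {node.attr!r} not on self"))
        elif isinstance(node, ast.Name):
            if node.id.startswith("_"):
                problems.append((line, f"underscore name {node.id!r}"))
            if node.id == "self" and not isinstance(node.ctx, ast.Load):
                problems.append((line, "rebinding of self"))
        elif isinstance(node, ast.arg):
            if node.arg == "self" and node not in method_self:
                problems.append((line, "self bound outside a method signature"))
        else:
            # def/class/except/import/match statements can also bind a name.
            for field in ("name", "asname", "rest"):
                if str(getattr(node, field, "")).split(".")[0] == "self":
                    problems.append((line, "rebinding of self"))
    return sorted(problems)

# Constructed sample input; the commented lines each break one rule.
SAMPLE = '''\
class Account:
    def deposit(self, other, amount):
        self.balance = amount      # allowed: assignment on self
        other.balance = 0          # line 4: assignment on another object
        return other.__class__     # line 5: underscore attribute
    def swap(self, other):
        self = other               # line 7: self rebound
def helper(self): return self      # line 8: self outside a class body
'''
```

In Python 3 a method fetched from its class is a plain function, so `Account.deposit(obj, ...)` accepts any object as `self`; the Python 2 of this post raised TypeError for a first argument that was not an instance. A static check on the name `self` therefore needs a runtime or environment restriction alongside it on current interpreters.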