Creating a capabilities-based restricted execution system

Martin v. Löwis martin at v.loewis.de
Sat Jan 3 16:17:20 EST 2004


"Sean R. Lynch" <seanl at chaosring.org> writes:

> RestrictedPython avoids this by removing the type() builtin from the
> restricted __builtins__, and it doesn't allow untrusted code to create
> names that start with _.

Ah, ok. That might restrict the usefulness of the package (perhaps
that is what "restricted" really means here :-).

People would not normally consider the type builtin insecure, and
might expect it to work. If you restrict Python to, say, just integers
(and functions thereof), it may be easy to see it is safe - but it is
also easy to see that it is useless.

The challenge perhaps is to provide the same functionality as rexec,
without the same problems.

Regards,
Martin
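The quoted point, that RestrictedPython removes type() from the restricted __builtins__ and refuses names beginning with "_", is easier to weigh with a concrete run. The following is an added example, not code from this thread or from RestrictedPython: a small exec-based sandbox with a hypothetical restricted builtins dict (SAFE_BUILTINS is an assumption, not RestrictedPython's actual list) and an AST walk that stands in for the underscore-name rule. The untrusted snippet is constructed for the example; it never calls type() and still reaches every class in the interpreter through __class__, __bases__ and __subclasses__, which is exactly what the underscore rule cuts off.

```python
import ast

# Constructed untrusted snippet (not from the thread). It starts from a
# tuple literal and walks __class__ -> __bases__[0] (object) ->
# __subclasses__() to reach every class loaded in the interpreter, using
# only len() from the restricted builtins and neither type() nor __import__.
ESCAPE_SRC = "result = len(().__class__.__bases__[0].__subclasses__())"

# Hypothetical restricted builtins: deliberately without type(), getattr()
# and __import__ (an assumption for this example, not RestrictedPython's set).
SAFE_BUILTINS = {"len": len, "range": range, "sum": sum}


def check_no_underscore_names(tree):
    """Reject any identifier or attribute whose name starts with '_'.

    Stand-in for the RestrictedPython rule quoted in the thread; the real
    package enforces it in its own compiler, not with this AST walk.
    """
    for node in ast.walk(tree):
        if isinstance(node, ast.Name):
            name = node.id
        elif isinstance(node, ast.Attribute):
            name = node.attr
        else:
            continue
        if name.startswith("_"):
            raise ValueError(f"underscore name not allowed: {name}")


def run_restricted(src, forbid_underscore=True):
    """Execute src with restricted builtins and return its 'result' variable."""
    tree = ast.parse(src, mode="exec")
    if forbid_underscore:
        check_no_underscore_names(tree)
    env = {"__builtins__": SAFE_BUILTINS}   # replaces the normal builtins module
    exec(compile(tree, "<untrusted>", "exec"), env)
    return env.get("result")


def attempt_escape(forbid_underscore):
    """Run ESCAPE_SRC; report whether it reached object's subclass list."""
    try:
        count = run_restricted(ESCAPE_SRC, forbid_underscore)
    except ValueError as exc:
        return ("blocked", str(exc))
    return ("escaped", count)


if __name__ == "__main__":
    print(run_restricted("result = sum(range(10))"))   # 45, benign code still runs
    print(attempt_escape(forbid_underscore=False))      # ('escaped', n) with n > 0
    print(attempt_escape(forbid_underscore=True))       # ('blocked', 'underscore name not allowed: ...')
```

Run with only the builtins trimmed (forbid_underscore=False) the snippet succeeds: removing type() and __import__ alone leaves the __class__ route open, and with object's subclass list in hand an attacker can usually find a class that reaches os or sys. With the underscore rule on, the same code is rejected before it executes, while ordinary arithmetic over integers and functions of them, the kind of code Martin calls easy to prove safe, is unaffected. The filter says nothing about CPU or memory exhaustion, or about what the remaining builtins themselves expose, so it is one necessary check in such a system, not a proof of safety.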



More information about the Python-list mailing list