From taleinat at gmail.com Thu Jun 1 14:37:31 2023
From: taleinat at gmail.com (Tal Einat)
Date: Thu, 1 Jun 2023 21:37:31 +0300
Subject: [Idle-dev] Why does IDLE use a subprocess?
In-Reply-To: <2m-4UrFZwtHHD2xPWD7CAeB5szq7JSX4c6ezZ9r2C-1QAow9PNfQTnfrZYJoME9MhyIsLeFyQWOxXz6XAFE7EUsXKXL5qWBluhpw0HGG1oY=@proton.me>
References: <2m-4UrFZwtHHD2xPWD7CAeB5szq7JSX4c6ezZ9r2C-1QAow9PNfQTnfrZYJoME9MhyIsLeFyQWOxXz6XAFE7EUsXKXL5qWBluhpw0HGG1oY=@proton.me>
Message-ID:

Hi James,

IDLE's use of a sub-process is not primarily about security.

If one were to run user code within the same Python process (as IDLE originally did!), then the Python interpreter would be shared between the user code and IDLE.

(It is today possible to run a (nearly entirely) separate Python interpreter within the same process, but that is a relatively new development from recent years.)

Sharing the interpreter is a problem for various reasons, led by:
* User code can break IDLE in many interesting and unexpected ways.
* User code can block the main thread, which would make IDLE unresponsive.

There are many other reasons too. For example, the "restart interpreter" feature is much harder, perhaps impossible, to implement.

Let me know if you'd like any further details.
- Tal Einat

On Tue, May 23, 2023 at 1:23 AM James Schaffler via IDLE-dev <idle-dev at python.org> wrote:

> Hi,
>
> I was curious about the internals of IDLE, and noticed that IDLE
> executes user code in a "subprocess" that's separate from the Python
> interpreter that is running IDLE itself (which does tasks such as making
> the window and coloring the text).
>
> As far as I understand, IDLE runs a modified version of
> code.InteractiveInterpreter by sending user code through a socket. Even the
> IDLE documentation says that without a subprocess, "user code is not
> isolated from IDLE itself." However, some minimal testing of
> InteractiveInterpreter leads me to believe that the Interpreter object has
> its own view of local/global variables and therefore shouldn't be able to
> affect the calling interpreter (please correct me if I'm wrong).
>
> So my question is a combination of "Why does IDLE use a subprocess?" and
> "Why is InteractiveInterpreter not secure enough?" What possible security
> vulnerabilities exist if one uses IDLE without the subprocess? If anyone
> knows (or could point me to information on) why IDLE is designed this way,
> I'd really appreciate it. Thank you!
>
> Jim

From jschaffler at proton.me Sat Jun 3 21:41:17 2023
From: jschaffler at proton.me (James Schaffler)
Date: Sun, 04 Jun 2023 01:41:17 +0000
Subject: [Idle-dev] Why does IDLE use a subprocess?
In-Reply-To:
References: <2m-4UrFZwtHHD2xPWD7CAeB5szq7JSX4c6ezZ9r2C-1QAow9PNfQTnfrZYJoME9MhyIsLeFyQWOxXz6XAFE7EUsXKXL5qWBluhpw0HGG1oY=@proton.me>
Message-ID:

On Thursday, June 1st, 2023 at 2:37 PM, Tal Einat wrote:

> IDLE's use of a sub-process is not primarily about security.
>
> If one were to run user code within the same Python process (as IDLE originally did!), then the Python interpreter would be shared between the user code and IDLE.
>
> (It is today possible to run a (nearly entirely) separate Python interpreter within the same process, but that is a relatively new development from recent years.)
>
> Sharing the interpreter is a problem for various reasons, led by:
> * User code can break IDLE in many interesting and unexpected ways.
> * User code can block the main thread, which would make IDLE unresponsive.
>
> There are many other reasons too. For example, the "restart interpreter" feature is much harder, perhaps impossible, to implement.
>
> Let me know if you'd like any further details.
> - Tal Einat

Hi Tal,

This is a great answer, thank you so much! I didn't consider that blocking the main thread could be a problem.

However, I would be interested to see in what additional "interesting and unexpected ways" one could break IDLE.

Thank you,
Jim

From taleinat at gmail.com Tue Jun 6 02:18:46 2023
From: taleinat at gmail.com (Tal Einat)
Date: Tue, 6 Jun 2023 09:18:46 +0300
Subject: [Idle-dev] Why does IDLE use a subprocess?
In-Reply-To:
References: <2m-4UrFZwtHHD2xPWD7CAeB5szq7JSX4c6ezZ9r2C-1QAow9PNfQTnfrZYJoME9MhyIsLeFyQWOxXz6XAFE7EUsXKXL5qWBluhpw0HGG1oY=@proton.me>
Message-ID:

On Sun, Jun 4, 2023 at 4:41 AM James Schaffler wrote:
>
> However, I would be interested to see in what additional "interesting and unexpected ways" one could break IDLE.

You're welcome to try it yourself! Run IDLE without a subprocess by passing the "-n" flag (e.g. python -m idlelib -n), then in the shell do things that affect the entire process in various ways.

Some interesting examples: run a tight loop, run some long-running code that runs compiled code rather than Python code, change global state such as sys.stdout and sys.stderr, and on and on. Have fun breaking IDLE!

- Tal

From jschaffler at proton.me Wed Jun 7 20:28:16 2023
From: jschaffler at proton.me (James Schaffler)
Date: Thu, 08 Jun 2023 00:28:16 +0000
Subject: [Idle-dev] Why does IDLE use a subprocess?
In-Reply-To:
References: <2m-4UrFZwtHHD2xPWD7CAeB5szq7JSX4c6ezZ9r2C-1QAow9PNfQTnfrZYJoME9MhyIsLeFyQWOxXz6XAFE7EUsXKXL5qWBluhpw0HGG1oY=@proton.me>
Message-ID:

Hi Tal,

On Tuesday, June 6th, 2023, Tal Einat wrote:
> You're welcome to try it yourself! Run IDLE without a subprocess by
> passing the "-n" flag (e.g. python -m idlelib -n), then in the shell
> do things that affect the entire process in various ways.
>
> Some interesting examples: run a tight loop, run some long-running
> code that runs compiled code rather than Python code, change global
> state such as sys.stdout and sys.stderr, and on and on. Have fun
> breaking IDLE!

Will try! Thank you!

Jim

From SARVIKB at EMAIL.LACCD.EDU Mon Jun 12 20:49:59 2023
From: SARVIKB at EMAIL.LACCD.EDU (Sarvi, Kayvon B)
Date: Tue, 13 Jun 2023 00:49:59 +0000
Subject: [Idle-dev] VPAT/WCAG 2.1 request
Message-ID:

To Whom It May Concern:

The LACC Math Department would like to consider using IDLE for teaching our courses. We kindly request a VPAT/WCAG 2.1 of IDLE for LACCD District's LTI Review Team to review the accessibility requirements. Please provide the VPAT/WCAG 2.1 in PDF or Word document for our college district review process.

Thank you for your time.

Kayvon Sarvi
Los Angeles City College
Math Department
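
The isolation point from the "Why does IDLE use a subprocess?" thread above, as an added example that is not part of any message in this archive: a private namespace handed to code.InteractiveInterpreter does not isolate process-wide state such as sys.stdout or sys.modules, while a child process keeps that state to itself and can be killed from outside. The marker name, the sample user code and the use of subprocess.run are assumptions for illustration (IDLE itself talks to its subprocess over a socket).

```python
import code
import subprocess
import sys

MARKER = "demo_shared_marker"  # constructed module name for this example
# Constructed "user code": binds a name, then changes process-wide state.
USER_CODE = ("import sys, io\nx = 42\nsys.stdout = io.StringIO()\n"
             f"sys.modules[{MARKER!r}] = sys\n")
TIGHT_LOOP = "while True:\n    pass\n"  # constructed: never returns


def run_in_process(source):
    """Same interpreter, private namespace (what a no-subprocess shell does)."""
    saved_stdout = sys.stdout
    user_ns = {}
    interp = code.InteractiveInterpreter(locals=user_ns)
    try:
        interp.runcode(compile(source, "<user>", "exec"))
        return {
            "namespace_private": user_ns.get("x") == 42 and "x" not in globals(),
            "host_stdout_replaced": sys.stdout is not saved_stdout,
            "host_modules_changed": MARKER in sys.modules,
        }
    finally:  # undo the changes so the caller keeps working
        sys.stdout = saved_stdout
        sys.modules.pop(MARKER, None)


def run_in_subprocess(source, timeout=30):
    """Child interpreter: its state is its own, and the parent can kill it."""
    saved_stdout = sys.stdout
    try:
        proc = subprocess.run([sys.executable, "-I", "-c", source],
                              capture_output=True, timeout=timeout)
        outcome = f"exited {proc.returncode}"
    except subprocess.TimeoutExpired:
        outcome = "killed"  # subprocess.run kills the child on timeout
    return {
        "outcome": outcome,
        "host_stdout_replaced": sys.stdout is not saved_stdout,
        "host_modules_changed": MARKER in sys.modules,
    }


if __name__ == "__main__":
    print(run_in_process(USER_CODE))
    print(run_in_subprocess(USER_CODE))
    print(run_in_subprocess(TIGHT_LOOP, timeout=1))
```

The in-process run reports a private namespace and a replaced host sys.stdout at the same time, which is the gap between "own view of local/global variables" and actual isolation.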