[Python-checkins] r50596 - python/branches/bcannon-sandboxing/sandboxing_design_doc.txt

brett.cannon python-checkins at python.org
Wed Jul 12 05:07:13 CEST 2006


Author: brett.cannon
Date: Wed Jul 12 05:07:12 2006
New Revision: 50596

Modified:
   python/branches/bcannon-sandboxing/sandboxing_design_doc.txt
Log:
Add comments on what needs to be covered to properly watch all memory allocation.


Modified: python/branches/bcannon-sandboxing/sandboxing_design_doc.txt
==============================================================================
--- python/branches/bcannon-sandboxing/sandboxing_design_doc.txt	(original)
+++ python/branches/bcannon-sandboxing/sandboxing_design_doc.txt	Wed Jul 12 05:07:12 2006
@@ -49,7 +49,30 @@
 Implementation
 --------------
 
+* add __sandbox__
+* merge from HEAD
+    + last merge on rev. 47248
+* remove bare malloc()/realloc()/free() uses
 * note in SpecialBuilds.txt
+* protect memory usage
+    - _PyObject_New
+    - _PyObject_NewVar
+    - _PyObject_Del
+    - PyObject_New
+    - PyObject_NewVar
+    - PyObject_Del
+    - PyMem_Malloc
+    - PyMem_Realloc
+    - PyMem_Free
+    - PyMem_New
+    - PyMem_Resize
+    - PyMem_Del
+    - PyMem_MALLOC
+    - PyMem_REALLOC
+    - PyMem_FREE
+    - PyMem_NEW
+    - PyMem_RESIZE
+    - PyMem_DEL
 
 
 Goal
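Review bot: the "remove bare malloc()/realloc()/free() uses" item needs a way to keep them out once removed; every later "merge from HEAD" (the list records the last one at rev. 47248) can reintroduce direct libc calls that bypass the accounting, so record how this is enforced (a grep over the C sources in the build, or a build-time #define of malloc to something that fails to compile when __sandbox__ is set) rather than listing it as a one-off task. Minor: the sub-bullet style is mixed ("+ last merge on rev. 47248" vs. "- _PyObject_New"); pick one.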
@@ -493,6 +516,44 @@
 also allows the protection to be at the interpreter level instead of at
 the process level.
 
+Existing APIs to protect:
+- _PyObject_New()
+    protected directly
+- _PyObject_NewVar()
+    protected directly
+- _PyObject_Del()
+    remove macro that uses PyObject_Free() and protect directly
+- PyObject_New()
+    implicitly by macro using _PyObject_New()
+- PyObject_NewVar()
+    implicitly by macro using _PyObject_NewVar()
+- PyObject_Del()
+    redefine macro to use _PyObject_Del() instead of PyObject_Free()
+- PyMem_Malloc()
+    protected directly
+- PyMem_Realloc()
+    protected directly
+- PyMem_Free()
+    protected directly
+- PyMem_New()
+    implicitly protected by macro using PyMem_Malloc()
+- PyMem_Resize
+    implicitly protected by macro using PyMem_Realloc()
+- PyMem_Del
+    implicitly protected by macro using PyMem_Free()
+- PyMem_MALLOC
+    redefine macro to use PyMem_Malloc()
+- PyMem_REALLOC
+    redefine macro to use PyMem_Realloc()
+- PyMem_FREE
+    redefine macro to use PyMem_Free()
+- PyMem_NEW
+    implicitly protected by macro using PyMem_MALLOC()
+- PyMem_RESIZE
+    implicitly protected by macro using PyMem_REALLOC()
+- PyMem_DEL
+    implicitly protected by macro using PyMem_FREE()
+
 
 Why
 --------------
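Review bot: "protected directly" for PyMem_Free() and PyMem_Realloc() does not say where the byte count to subtract comes from; PyMem_Free(p) receives only the pointer, so the sandbox can only decrement its count if the protected PyMem_Malloc()/PyMem_Realloc() record the size with each block (for example a size header placed in front of the returned pointer) and the free path reads it back, and that decision belongs in this list. The list is also incomplete: PyObject_Free() is named in the _PyObject_Del() and PyObject_Del() entries as something to route around, but neither it nor its siblings PyObject_Malloc()/PyObject_Realloc() appear as protected, so any C code that calls them directly (including the PyObject_GC_New()/PyObject_GC_Del() allocators that wrap them) stays unaccounted; either protect them or state why they are out of scope. Style: PyMem_Resize, PyMem_Del and the PyMem_MALLOC through PyMem_DEL entries lack the "()" the other entries carry.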
@@ -523,7 +584,8 @@
 * PySandbox_AllowedMemoryAlloc(integer, error_return)
     Macro to increase the amount of memory that is reported that the
     running sandboxed interpreter is using.  If the increase puts the
-    total count passed the set limit, raise an SandboxError exception
+    total count passed the set limit or leads to integer overflow in
+    the allocation count, raise an SandboxError exception
     and cause the calling function to return with the value of
     'error_return', otherwise do nothing.
 
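Review bot: the new overflow wording should also fix the order of the check: detect overflow before adding, i.e. compare 'integer' against (limit - current count) rather than adding first and testing whether the sum wrapped, since a signed wrap is undefined behaviour in C and the count is already corrupted by the time SandboxError is raised (the phrase "leads to integer overflow in the allocation count" reads as an after-the-fact test). A macro that both tests and adds 'integer' will also evaluate its argument twice, so either document that the argument must be side-effect free or evaluate it once into a local. Nothing in this hunk decreases the count when PyMem_Free()/_PyObject_Del() run, which the "protected directly" entries earlier in the document depend on; if a decrement macro exists elsewhere, cross-reference it here, otherwise add one next to this macro. Typos in the surrounding lines: "passed the set limit" should be "past the set limit" and "an SandboxError" should be "a SandboxError".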

