open == file considered harmful (Re: [Python-Dev] RE: rexec.py unuseable)

Michael Chermside mcherm at mcherm.com
Thu Dec 18 08:15:24 EST 2003


[Michael Chermside]
> ... INSTANCES of 'file' and could access 
> f.__class__. [...] so for restricted code we return something
> like this:
> 
>     class FakeFile:
>         def __eq__(self, other):
>             return other == file
>

[Guido]
> Are you aware of the original issue, which is that as soon as you have
> a file *instance* (which might have been given to you by a very
> restrictive open() variant), you can always get to the file *class*
> using the __class__ attribute?  Access to the __class__ attribute is
> useful for all sorts of reasons.

Yes, I'm aware of that issue... in fact that's what I'm trying to
address here, but I'm obviously not doing a good job of expressing
myself. I was thinking of the restricted code having access to an
instance of 'file' named 'myFileInstance'. This instance has peculiar
behavior when you access 'myFileInstance.__class__'. Instead of
returning the class object 'file', it returns a class object like
'FakeFile' (which I *should* have made a subclass of 'type').

This whole plan is based on two misconceptions. The first is that
access to __class__ is the only way to use introspection to access
things of greater power (like the class) from an instance. It's
NOT the only way, I'm just hoping that the others can be fully
enumerated (somewhat shaky, but perhaps possible) and can be fixed
in similar ways (maybe true). The other misconception (apparently)
is that the only real USE for accessing the __class__ attribute
is for testing class membership. You said above that it's useful
"for all sorts of reasons"... I'm wondering what they are.

And yes... I *also* realize that there's not a whole lot of
difference between an instance which behaves oddly under 
introspection and one which is wrapped in a proxy. But I realize
that providing a secure proxy is somewhat difficult and I'm
wondering if the other approach is more useful.

[Guido]
> Yes, even for 3.0 this is still a dream...

True enough. So feel free to just drop the issue if you've got
better (i.e., more immediate) things to spend your time on. I
wouldn't want to see you get a pie by default because there
wasn't time to complete a test suite!

-- Michael Chermside
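
The two approaches compared in the message above, as an added example that is not part of the original post. It is written for Python 3, where there is no built-in 'file', so `File` is a constructed stand-in; `OddFile`, `make_proxy`, `PROBES` and `leaks` are hypothetical names, and the probe list is deliberately incomplete.

```python
class File:
    """Constructed stand-in for the Python 2 built-in 'file' class."""
    def __init__(self, name):
        self.name = name
    def read(self):
        return "contents of " + self.name

class FakeFile:
    """The thread's FakeFile: compares equal to File but is not File."""
    def __eq__(self, other):
        return other is File

class OddFile(File):
    """First approach: a real instance whose __class__ attribute lies."""
    __class__ = property(lambda self: FakeFile())

def make_proxy(real):
    """Second approach: a wrapper that forwards read() and nothing else."""
    class Proxy:
        __class__ = property(lambda self: FakeFile())
        def read(self):
            return real.read()
    return Proxy()

# Introspection routes a sandbox author might check (assumed, not exhaustive).
PROBES = {
    "__class__": lambda o: o.__class__,
    "type()": lambda o: type(o),
    "type().__mro__": lambda o: type(o).__mro__,
}

def leaks(obj, forbidden):
    """Return the names of the probes whose result is, or contains, `forbidden`."""
    found = []
    for name, probe in PROBES.items():
        result = probe(obj)
        items = result if isinstance(result, tuple) else (result,)
        if any(item is forbidden for item in items):
            found.append(name)
    return found

if __name__ == "__main__":
    for label, obj in [("plain", File("a.txt")), ("odd", OddFile("a.txt")),
                       ("proxy", make_proxy(File("a.txt")))]:
        print(label, obj.__class__ == File, leaks(obj, File))
```

An empty result for the proxy covers only the three listed routes; it does not show that the proxy is secure.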



