[Python-Dev] Re: Capabilities - published interfaces

Aahz aahz at pythoncraft.com
Sat Dec 20 10:16:29 EST 2003


On Sat, Dec 20, 2003, Luke Kenneth Casson Leighton wrote:
> On Sat, Dec 20, 2003 at 09:08:43AM -0500, Aahz wrote:
>> On Sat, Dec 20, 2003, Luke Kenneth Casson Leighton wrote:
>>>
>>> one of the things that is strangely lacking in python is the ability
>>> to restrict access to python objects, a la public, protected and
>>> private from c++.
>>>
>>> from a restricted execution perspective, this is not really okay.
>> 
>> Yup.  That really is the fundamental issue.  Python has been deliberately
>> designed to let programmers do whatever they want; it's a "let the
>> grownups play" perspective.  
> 
>  as python moves into a more mainstream acceptance, it becomes more
>  of an issue to let the kiddies bash themselves with rubber hammers.

That's an assertion.  I think to a certain extent you'll need to prove
your assertion.

>> Another major reason is because restricted execution from within
>> Python can never completely solve the problem unless we devote vast
>> amounts of effort.  Consider the following two snippets of code:
>>
>>     100 ** 100 ** 100
>>     [None] * (10 ** 10)
>> 
>> The first chews up CPU; the second chews up memory.
> 
>  i infer from these two observations that some of the requirements
>  of restricted execution could be to conserve CPU and memory?

Exactly.  From my observations of these discussions, there are
essentially only two reasons for restricted execution:

* To simplify things by reducing the potential solution space

* To protect a system against a hostile attacker

There are already many ways to achieve the first objective in Python
without restricted execution.  For the second, there's really no way to
succeed without help from the operating system, unless you run a server
with a limited set of capabilities that does *not* include random code.
There are already plenty of servers written in Python....

Supposedly there's a middle ground of untrusted but non-hostile code,
but what's the point of providing support for that?
-- 
Aahz (aahz at pythoncraft.com)           <*>         http://www.pythoncraft.com/

Weinberg's Second Law: If builders built buildings the way programmers wrote 
programs, then the first woodpecker that came along would destroy civilization.
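
Added example (not part of the original message): one form of the "help from the operating system" mentioned above, running the two snippets from this thread in a child interpreter under kernel-enforced CPU and address-space limits set with POSIX `setrlimit`. The limit values, `run_limited` and its helpers are assumptions made for this illustration; it needs a Unix-like system that enforces `RLIMIT_AS` (Linux does).

```python
import resource
import signal
import subprocess
import sys

CPU_SECONDS = 1           # constructed value: CPU-time budget for the child
ADDRESS_SPACE = 1 << 30   # constructed value: 1 GiB of virtual memory


def _cap(kind, soft, hard):
    # Never ask for more than the hard limit this process already has.
    _, cur_hard = resource.getrlimit(kind)
    if cur_hard != resource.RLIM_INFINITY:
        soft, hard = min(soft, cur_hard), min(hard, cur_hard)
    resource.setrlimit(kind, (soft, hard))


def _apply_limits():
    # Runs in the child between fork() and exec(); the kernel enforces these.
    _cap(resource.RLIMIT_CPU, CPU_SECONDS, CPU_SECONDS + 1)
    _cap(resource.RLIMIT_AS, ADDRESS_SPACE, ADDRESS_SPACE)


def run_limited(snippet):
    """Run snippet in a separate interpreter; return (outcome, detail)."""
    try:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", snippet],
            preexec_fn=_apply_limits,
            capture_output=True, text=True, timeout=30,
        )
    except subprocess.TimeoutExpired:
        return ("wall-timeout", "")
    if proc.returncode < 0:            # terminated by a signal
        return ("killed", signal.Signals(-proc.returncode).name)
    if proc.returncode != 0:           # uncaught exception in the child
        lines = proc.stderr.strip().splitlines()
        return ("error", lines[-1] if lines else "")
    return ("ok", proc.stdout.strip())


if __name__ == "__main__":
    for code in ("print(6 * 7)", "100 ** 100 ** 100", "[None] * (10 ** 10)"):
        print(f"{code!r:24} -> {run_limited(code)}")
```

These limits bound only CPU time and memory; they do nothing about file or network access by the child.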


