On 7/7/06, Guido van Rossum <guido at python.org> wrote: > > On 7/8/06, Ka-Ping Yee <python-dev at zesty.ca> wrote: > > The situation you're describing here is a classic case of one > > component keeping a closely held authority while using it to > > provide some limited capability to some other component. This > > comes up quite often when you're trying to write secure code. > > > > If you want to be able to write that subsystem in Python, then > > we will need a way to create airtight Python objects (i.e. objects > > that only leak what they explicitly choose to leak). > > > > So this goes back to the big question of goals: > > > > Do we want to be able to protect one piece of Python code > > from another piece of Python code? > > > > I'd like the answer to be yes. It sounded for a while like this > > was not part of Brett's plan, though. Now i'm not so sure. It > > sounds like you're also interested in having the answer be yes? > > > > Let's keep talking about and playing with more examples -- i think > > they'll help us understand what goals we should aim for and what > > pitfalls to anticipate before we nail down too many details. > > I'd like the answer to be no, because I don't believe that we can > trust the VM to provide sufficient barriers. The old pre-2.2 > restricted execution mode tried to do this but 2.2 punched a million > holes in it. Python isn't designed for this (it doesn't even enforce > private attributes). I guess this is also the main reason I'm > skeptical about capabilities for Python. My plan is no. As Guido said, getting this right is feasibly questionable. I do not plan on trying to have security proxies or such implemented in Python code; it will need to be in C. If someone comes along and manages to find a way to make Python work without significantly changing the languages, great, and we can toss out my security implementation for that. But as of right now, I am not planning on making Python code safe to run in Python code. -Brett -- > --Guido van Rossum (home page: http://www.python.org/~guido/) > _______________________________________________ > Python-Dev mailing list > Python-Dev at python.org > http://mail.python.org/mailman/listinfo/python-dev > Unsubscribe: > http://mail.python.org/mailman/options/python-dev/brett%40python.org > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://mail.python.org/pipermail/python-dev/attachments/20060708/1edabd3c/attachment.html
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4