Phillip J. Eby wrote:
> At 01:00 PM 7/23/2006 -0700, Brett Cannon wrote:
>
>>I obviously don't want to change the feel of Python, but if I have to
>>remove the constructor for code objects to prevent evil bytecode or
>>__subclasses__() from object to prevent poking around stuff, then so be
>>it. For this project, security is [trumping] backwards-compatibility when
>>the latter is impossible in order to have the former. I will obviously
>>try to minimize it, but something that works at such a basic level of the
>>language is just going to require some changes for it to work.
>
> Zope 3's sandboxing machinery manages to handle securing these things
> without any language changes. So, declaring it "impossible" to manage
> without backward compatibility seems inappropriate, or at least
> incorrect.

... if Zope's sandboxing is secure. I haven't done a security review of it,
but your argument assumes that it is.

In any case, Zope's sandboxing is not capability-based.

--
David Hopwood <david.nospam.hopwood at blueyonder.co.uk>