List: python-list
Subject: Re: Embedding a restricted python interpreter
From: Dieter Maurer <dieter () handshake ! de>
Date: 2005-01-17 19:11:48
Message-ID: x7llarvpjf.fsf () handshake ! de
Paul Rubin <http://phr.cx@NOSPAM.invalid> writes on 08 Jan 2005 14:56:43 -0800:
> Dieter Maurer <dieter@handshake.de> writes:
> > It uses a specialized compiler that prevents dangerous bytecode operations
> > to be generated and enforces a restricted builtin environment.
>
> Does it stop the user from generating his own bytecode strings and
> demarshalling them?
Almost surely, I do not understand you:

In the standard setup, the code has no access to most
of Python's runtime library. Only a few selected modules
are deemed to be safe and can be imported (and used) in
"RestrictedPython". "marshal" or "unmarshal" are not considered safe.
Security Declaration can be used to make more modules importable -- but
then, this is an explicit decision by the application developer.

*If* the framework decided to exchange byte code between
user and interpreter, then there would be no security at
all, because the interpreter is the standard interpreter
and security is built into the compilation process.
Of course, you should not step in *after* the secured step ;-)

Thus, "RestrictedPython" expects that the user sends
Python source code (and not byte code!), it compiles
this source code into byte code that enforces a strict
access and facility policy.
Dieter
--
http://mail.python.org/mailman/listinfo/python-list
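
The design discussed in this message, as an added sketch that is not part of the original post and is not RestrictedPython's own code: the policy is enforced while compiling source, so the entry point accepts source text only and refuses bytecode or code objects. The names `ALLOWED_MODULES`, `SAFE_BUILTINS`, `compile_restricted_source`, `run` and `is_rejected` are hypothetical, and the policy here is far smaller than RestrictedPython's.

```python
import ast
import marshal

ALLOWED_MODULES = {"math", "string"}                      # assumed allowlist
SAFE_BUILTINS = {"len": len, "range": range, "sum": sum}  # assumed builtin subset

class PolicyError(Exception):
    """Raised when a submission violates the compile-time policy."""

def _check_module(name):
    if name.split(".")[0] not in ALLOWED_MODULES:
        raise PolicyError(f"import of {name!r} is not allowed")

class _Policy(ast.NodeVisitor):
    """Walks the parsed source and rejects constructs outside the policy."""
    def visit_Import(self, node):
        for alias in node.names:
            _check_module(alias.name)
    def visit_ImportFrom(self, node):
        if node.level:
            raise PolicyError("relative imports are not allowed")
        _check_module(node.module)
    def visit_Attribute(self, node):
        if node.attr.startswith("_"):
            raise PolicyError(f"attribute {node.attr!r} is not allowed")
        self.generic_visit(node)

def _guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    _check_module(name)  # runtime half of the restricted builtin environment
    return __import__(name, globals, locals, fromlist, level)

def compile_restricted_source(submission):
    # The policy lives in this step, so only source text may enter it;
    # bytes, marshalled data and ready-made code objects are refused.
    if not isinstance(submission, str):
        raise PolicyError("only Python source text is accepted")
    tree = ast.parse(submission, mode="exec")
    _Policy().visit(tree)
    return compile(tree, "<user>", "exec")

def run(submission):
    env = {"__builtins__": dict(SAFE_BUILTINS, __import__=_guarded_import)}
    exec(compile_restricted_source(submission), env)
    return env

def is_rejected(submission):
    try:
        run(submission)
    except PolicyError:
        return True
    return False

# Constructed sample: the kind of marshalled bytecode a user might try to send.
SAMPLE_BYTECODE = marshal.dumps(compile("x = 1", "<sample>", "exec"))
```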