In article <[EMAIL PROTECTED]>, Ben Finney <[EMAIL PROTECTED]> wrote:
> "Emanuele D'Arrigo" <[EMAIL PROTECTED]> writes: > > > On Nov 1, 12:44 am, Lawrence D'Oliveiro wrote: > > > I think the most reliable solution is to take advantage of a level > > > in the system that already has to provide protection against > > > malicious code: use a chroot jail. > [â¦] > > > > [sigh] That sound a little overkill for a small application. I guess > > somebody should come up with a sandbox version of python, that can > > be executed, say, with a directory provided as a parameter and all > > the os calls are never made above that level. > > That's exactly what a chroot jail *is*, except you don't need to wait > for a special version of Python. What's more, the kernel is in a much better position to understand how a pathname maps to a location in the physical file system than any application could. Should Python attempt to understand what it means to traverse a symlink? A mount point?
-- http://mail.python.org/mailman/listinfo/python-list
