On 11 May 2005 05:56:04 -0700, [EMAIL PROTECTED] wrote:
>Sorry, should maybe have used __import__ as an example.
>Let's say I grab import, store the reference within the Isolate class
>and then redirect the builtin import to a function in the Isolate class
>which only allows certain modules to be imported - e.g. not sys. Would
>this be secure?
>
Probably not. For example:

    >>> (1).__class__.__bases__[0].__subclasses__()[-1]('/dev/null')
    <open file '/dev/null', mode 'r' at 0xb7df53c8>

Security through subtracting features usually ends up leaving some holes
around (because there's just that *one* more thing you missed). What the holes
are depends on the details of the implementation, but they pretty much always
exist. Making a reference-restricted Python interpreter is a large challenge:
you either have to spend a huge amount of effort taking things out of CPython
(months and months of development time, at least), or write a new interpreter
from scratch.

Older versions of Python thought they had this licked, see the rexec module
for the attempt that is no longer maintained.

Jp
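
Added example (not part of the original thread, written for Python 3): an audit of the design asked about above. It installs an allowlisting __import__ and then lists which modules' classes are still reachable from an int literal through the same attribute walk the reply uses. The names ALLOWED, guarded_import, run_isolated, PROBE and audit are hypothetical, and the probe source is constructed for this example.

```python
import builtins

ALLOWED = {"math"}  # constructed allowlist, standing in for "certain modules"


def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Import hook that only lets allowlisted top-level modules through."""
    if name.split(".")[0] not in ALLOWED:
        raise ImportError(f"import of {name!r} is blocked")
    return builtins.__import__(name, globals, locals, fromlist, level)


def run_isolated(source):
    """Execute source with a builtins table whose __import__ is the hook."""
    restricted = dict(vars(builtins))
    restricted["__import__"] = guarded_import
    scope = {"__builtins__": restricted}
    exec(source, scope)
    return scope


# Constructed probe: tries a blocked import, then walks int -> object ->
# subclasses (the walk from the reply) and records each class's module.
PROBE = """
try:
    import os
    import_blocked = False
except ImportError:
    import_blocked = True
root = (1).__class__.__bases__[0]
reachable = sorted({str(c.__module__).split('.')[0]
                    for c in root.__subclasses__()})
"""


def audit():
    """Return (was the import blocked?, non-allowlisted modules still reachable)."""
    scope = run_isolated(PROBE)
    leaked = [m for m in scope["reachable"]
              if m not in ALLOWED and m != "builtins"]
    return scope["import_blocked"], leaked


if __name__ == "__main__":
    blocked, leaked = audit()
    print("import statement blocked:", blocked)
    print("modules whose classes are reachable anyway:", leaked)
```

The hook does its job on the import statement, yet the second value is never empty: every class already loaded in the interpreter hangs off object, which no import filter touches.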