[Python-checkins] r52331 - python/branches/bcannon-objcap/securing_python.txt

brett.cannon python-checkins at python.org
Sat Oct 14 20:46:32 CEST 2006

• Previous message: [Python-checkins] r52327 - python/trunk/Doc/lib/libsqlite3.tex
• Next message: [Python-checkins] r52332 - in python/trunk: Lib/test/test_peepholer.py Misc/NEWS Python/import.c Python/peephole.c
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

Author: brett.cannon
Date: Sat Oct 14 20:46:32 2006
New Revision: 52331
Modified:
 python/branches/bcannon-objcap/securing_python.txt
Log:
Add comment about something to watch out for when new import lands and
inheriting abilities for the sys data dict is dealt with.
Modified: python/branches/bcannon-objcap/securing_python.txt
==============================================================================
--- python/branches/bcannon-objcap/securing_python.txt	(original)
+++ python/branches/bcannon-objcap/securing_python.txt	Sat Oct 14 20:46:32 2006
@@ -27,6 +27,12 @@
 - open()
 - __import__() / PEP 302 importer (`Imports`_) <critical>
 * Make sure importing built-in modules can be blocked.
+ * Make sure that no abilities are exposed by importers since
+ they will be accessible from inheritance through sys data
+ dict for any created interpreters.
+ + Do not inject full sys module.
+ + Most likely will need to wrap built-in importer so as to
+ be able to effectively block access to sys.
 - execfile()
 * Force to go through open()
 + Prevents opening unauthorized files.

---

• Previous message: [Python-checkins] r52327 - python/trunk/Doc/lib/libsqlite3.tex
• Next message: [Python-checkins] r52332 - in python/trunk: Lib/test/test_peepholer.py Misc/NEWS Python/import.c Python/peephole.c
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---

More information about the Python-checkins mailing list