[Python-checkins] r51757 - python/branches/bcannon-objcap/securing_python.txt

brett.cannon python-checkins at python.org
Wed Sep 6 02:01:52 CEST 2006


Author: brett.cannon
Date: Wed Sep 6 02:01:50 2006
New Revision: 51757
Modified:
 python/branches/bcannon-objcap/securing_python.txt
Log:
Clean up Status; remove implementation details of a safe PyFile C API and remove
built-in functions whose safety was questioned.
Modified: python/branches/bcannon-objcap/securing_python.txt
==============================================================================
--- python/branches/bcannon-objcap/securing_python.txt	(original)
+++ python/branches/bcannon-objcap/securing_python.txt	Wed Sep 6 02:01:50 2006
@@ -15,14 +15,6 @@
 subclasses are actually worth something. [done]
 * Create PyFile_Safe*() version of C API that goes through
 open() built-in.
- + Convert C strings to Python objects and do a direct
- call.
- + Since I/O-bound anyway going from C->Python->C should
- not be a large performance penalty.
- + Function also not called in a tight loop which also
- makes less of a performance-critical operation.
- + Might need to add some C code for easily accessing
- built-in objects.
 - code [done]
 * Add objcap.code_new() function [done]
 - frame
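Review bot: with the four implementation sub-points deleted, the item at the top of this hunk, `* Create PyFile_Safe*() version of C API that goes through open() built-in.`, no longer records why routing C callers through the Python-level open() is acceptable (the I/O-bound, not-called-in-a-tight-loop argument) or whether the C helpers for reaching built-in objects are still planned. Suggest keeping a one-line rationale and a status marker on that item, since the surrounding entries all carry [done] or an open note; otherwise the next reader has to re-derive the same performance question.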
@@ -34,14 +26,13 @@
 + Sandboxed versions of built-ins (`Sanitizing Built-In Types`_)
 - open()
 - __import__() / PEP 302 importer (`Imports`_)
- - compile() (?)
- - eval() (?)
 - execfile()
- - exit() (XXX verify if it kills the interpreter or the process;
- should also check raising SystemExit)
- - input() / raw_input() (XXX make sure it gets its stdin from sys.stdin
- and not sys.__stdin__)
- - globals() / vars() (?)
+ * Force to go through open()
+ + Prevents opening unauthorized files.
+ + Prevents using as a way to probe filesystem.
+ - exit() 
+ * XXX verify that raising SystemExit in a sub-interpreter only
+ exits that sub-interpreter and not the process.
 + Filesystem path hiding (`Filesystem Information`_)
 + Tweaked stdlib modules
 - mini 'sys' module (`Making the ``sys`` Module Safe`_)
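Review bot: the removed `(?)` entries for compile(), eval(), globals()/vars() and input()/raw_input() leave no record of how the question was settled; this file is the status document, so a one-line disposition (for example, that they only act on objects the sandboxed code can already reach) is more useful than silent deletion. The dropped input()/raw_input() concern about reading from sys.stdin rather than sys.__stdin__ overlaps with the `mini 'sys' module` item at the end of this hunk and should at least be carried there. The rewritten exit() note also narrows the old check, which covered both the exit() built-in and a bare `raise SystemExit`; if exit() is the site.py Quitter that simply raises SystemExit the two collapse into one check, but the list should say so. Minor: `+ - exit() ` has a trailing space.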
@@ -539,8 +530,6 @@
 + Will definitely use the ``open()`` built-in.
 * code objects
 * XXX sockets?
-* XXX type?
-* XXX
 
 
 Filesystem Information
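Review bot: deleting `* XXX type?` closes the open question about the type built-in without an answer. The same list still keeps `* XXX sockets?` as an unresolved question, and the next hunk retains object.__subclasses__() as an introspection hazard, so type deserves the same one-line disposition (in scope or explicitly out of scope) rather than removal. Dropping the bare `* XXX` placeholder beneath it is fine.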
@@ -574,7 +563,6 @@
 * ``object``
 + ``__subclasses__()`` function
 - Remove the function; never seen used in real-world code.
-* XXX
 
 
 Perimeter Defences Between a Created Interpreter and Its Creator
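Review bot: the justification left standing for removing __subclasses__(), `never seen used in real-world code`, is a usage argument rather than a security one; the item should state why it matters for a sandbox, namely that object.__subclasses__() enumerates every class derived from object and so lets restricted code reach types it was never handed. Removing the trailing bare `* XXX` is fine.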

