> On 30 May 2023, at 21:10, James Schaffler via Python-list > <python-list@python.org> wrote: > > Originally posted to idle-dev, but thought this might be a better place. Let > me know if it isn't. > > Hi, > > I was curious about the internals of IDLE, and noticed that IDLE uses > executes user code in a "subprocess" that's separate from the Python > interpreter that is running IDLE itself (which does tasks such as making the > window and coloring the text). > > As far as I understand, IDLE runs a modified version of > code.InteractiveInterpreter by sending user code through a socket. Even the > IDLE documentation says that without a subprocess, "user code is not isolated > from IDLE itself." However, some minimal testing of InteractiveInterpreter > leads me to believe that the Interpreter object has its own view of > local/global variables and therefore shouldn't be able to affect the calling > interpreter (please correct me if I'm wrong). > > So my question is a combination of "Why does IDLE use a subprocess?" and "Why > is InteractiveInterpreter not secureuldenough?" What possible security > vulnerabilities exist if one uses IDLE without the subprocess? If anyone > knows (or could point me to information on) why IDLE is designed this way, > I'd really appreciate it. Thank you!
I don’t think it security but robustness that needs the subprocess. You can crash idle with bugs in the code that you are developing. By running your code in a subprocess idle protects itself, and your edits from bugs in your code. Also if your code use tk then it would conflict with idle’s use of tk. That is my assumption on why the subprocess is required. Barry > > Jim > -- > https://mail.python.org/mailman/listinfo/python-list > -- https://mail.python.org/mailman/listinfo/python-list
