For a rather large application I am writing and will be running for a commercial service, I ran into the restricted environment problem. I had looked at the CPython code and concluded it would be a rather large job to secure it (if I had the time and the intimate understanding). Instead I opted for a cheap approach: 'chroot' the execution.
To get around the issue of files and directories I need to access, I use the 'bind' version of mount. This allows me to mount just those specific subdirectories I need. I mount them r/o (if I need to protect them). I have thought the approach would work to make a plug-in for Firefox, though lacking the time and the knowledge has stopped me from experimenting. I know it won't work directly under Windows, but I know I don't care. FWIW, Chuck Wegrzyn _______________________________________________ Python-3000 mailing list Python-3000@python.org http://mail.python.org/mailman/listinfo/python-3000 Unsubscribe: http://mail.python.org/mailman/options/python-3000/archive%40mail-archive.com
