On Tue, 8 Aug 2006 14:31:59 -0700, Guido van Rossum wrote:

> Isn't a problem with ctypes that such extensions can no longer
> guarantee "no segfaults"?

How would you guarantee the "no segfaults" policy for every other binding involved? In either case, auditing an extension written using ctypes or rctypes is potentially simpler than looking at Pyrex or C code. (Think of memory management, ref counting etc.)

> This pretty much completely rules them out for use in sandboxes such
> as what Brett Cannon is currently working on.

Of course you will have severe problems if you allow somebody to do unprotected calls to dynamic libraries. But at least I am not sure if this is a problem of using CTypes ... it should be possible to e.g. flag the code using CTypes classes to be in a different security class than the user-sandboxed code. Building the barrier on the C level might be too restrictive in real world applications.

> With hand-written extensions at least you can audit them to decide
> whether they are safe enough.

Please elaborate on that point - why isn't a ctypes extension "hand-written"?

Kind regards,
Alexander

_______________________________________________
Python-3000 mailing list
http://mail.python.org/mailman/listinfo/python-3000
