On 21-sep-2005, at 21:04, Guido van Rossum wrote:
A system like Java's classloader would be helpful, where the classloader of a class is used to load the classes used by that class. I have no idea if this can be adapted to python at all. A strict coding style seems to work for now.

You can do something like this using the restricted execution support, which works by setting the __builtins__ name in a dict where you exec code, and overriding __import__ in that __builtins__ dict. (I can't explain it too well in one paragraph, just go look up the rexec.py source code.) It's not great for guaranteeing there's absolutely no escape possible from the sandbox, but it works well enough to make accidental resource sharing a non-issue (apart from the OS shared resources and the built-in types). A misfeature (for this purpose) is that certain kinds of introspection are disabled (this was of course to enable restricted execution).
Replacing __builtins__ hadn't crossed my mind yet. My first cut at building plugins played games with __path__, Bob then replaced that by a version that actually works using py2app.
The sandbox doesn't need to be closed for plugins, it's only needed to avoid accidental naming clashes (two independent plugins that contain a util module). I don't know if restrictions on introspection would be an issue, I haven't felt the need to write real plugins yet. Well, other than the 'look I've a python interpreter inside <your favorite app goes here>' demo plugins.
Ronald
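The per-plugin `__import__` override discussed in this thread, as an added example that is not part of the original messages and is not rexec's code. It is written for Python 3 (where rexec no longer exists); `PLUGINS`, `load_plugin`, `demo` and the plugin sources are names and data constructed for illustration.

```python
import builtins
import sys
import types

# Constructed sample input: two independent plugins that each ship a "util" module.
PLUGINS = {
    "alpha": {"util": "NAME = 'alpha-util'", "main": "import util\nRESULT = util.NAME"},
    "beta": {"util": "NAME = 'beta-util'", "main": "import util\nRESULT = util.NAME"},
}


def load_plugin(sources):
    """Exec a plugin's 'main' module with its own __builtins__ and __import__."""
    private = {}  # per-plugin module table, used instead of sys.modules

    def plugin_import(name, globals=None, locals=None, fromlist=(), level=0):
        if level == 0 and name in sources:
            if name not in private:
                mod = types.ModuleType(name)
                # Code exec'd in this dict resolves `import` through plugin_builtins.
                mod.__dict__["__builtins__"] = plugin_builtins
                private[name] = mod
                exec(sources[name], mod.__dict__)
            return private[name]
        # Everything else falls through to the real import machinery, so this
        # prevents name clashes between plugins; it is not a closed sandbox.
        return builtins.__import__(name, globals, locals, fromlist, level)

    plugin_builtins = dict(vars(builtins), __import__=plugin_import)
    return plugin_import("main")


def demo():
    """Load both plugins and report what each saw as 'util'."""
    alpha = load_plugin(PLUGINS["alpha"])
    beta = load_plugin(PLUGINS["beta"])
    # Neither plugin's util module should have been registered globally.
    leaked = sys.modules.get("util") in (alpha.util, beta.util)
    return alpha.RESULT, beta.RESULT, alpha.util is beta.util, leaked


if __name__ == "__main__":
    print(demo())
```

Each plugin gets its own `util` module object, and neither is registered in `sys.modules`, which is the naming-clash isolation asked for here rather than containment of untrusted code.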