Phillip J. Eby wrote:
> At 01:00 PM 7/23/2006 -0700, Brett Cannon wrote:
>
>>I obviously don't want to change the feel of Python, but if I have to
>>remove the constructor for code objects to prevent evil bytecode or
>>__subclasses__() from object to prevent poking around stuff, then so be
>>it. For this project, security is [trumping] backwards-compatibility when
>>the latter is impossible in order to have the former. I will obviously
>>try to minimize it, but something that works at such a basic level of the
>>language is just going to require some changes for it to work.
>
> Zope 3's sandboxing machinery manages to handle securing these things
> without any language changes. So, declaring it "impossible" to manage
> without backward compatibility seems inappropriate, or at least
> incorrect.

... if Zope's sandboxing is secure. I haven't done a security review of it,
but your argument assumes that it is.

In any case, Zope's sandboxing is not capability-based.

--
David Hopwood <[EMAIL PROTECTED]>