On Thu, 14 Aug 2014, Steven D'Aprano wrote:

> On Thu, Aug 14, 2014 at 02:26:29AM +1000, Chris Angelico wrote:
>> On Wed, Aug 13, 2014 at 11:11 PM, Isaac Morland <ijmor...@uwaterloo.ca> wrote:
>>> While I would not claim a Python sandbox is utterly impossible, I'm
>>> suspicious that the whole "consenting adults" approach in Python is
>>> incompatible with a sandbox.  The whole idea of a sandbox is to absolutely
>>> prevent people from doing things even if they really want to and know what
>>> they are doing.
>
> The point of a sandbox is that I, the consenting adult writing the
> application in the first place, may want to allow *untrusted others* to
> call Python code without giving them control of the entire application.
> The consenting adults rule applies to me, the application writer, not
> them, the end-users, even if they happen to be writing Python code. If
> they want unrestricted access to the Python interpreter, they can run
> their code on their own machine, not mine.

Yes, absolutely, and I didn't mean to contradict what you are saying. What I am suggesting is that the basic design of Python isn't a good starting point for imposing mandatory restrictions on what code can do. By contrast, take something like Safe Haskell. I'm not absolutely certain that it really is safe as promised, but it's starting from a very different language in which the compiler performs extremely sophisticated type checking and simply won't compile programs that don't work within the type system.

This isn't a knock on Python (which I love using, by the way), just being realistic about what the existing language is likely to be able to support. Having said that, I'll be very interested if somebody does come up with a restricted mode Python that is widely accepted as being secure - that would be a real achievement.

Isaac Morland                   CSCF Web Guru
DC 2554C, x36650                WWW Software Specialist