Eyal Lotem wrote:
I would like to experiment with security based on Python references as
security capabilities.
Unfortunately, there are several problems that make Python references
invalid as capabilities:
* There is no way to create secure proxies because there are no
private attributes.
* Lots of
On Sun, 10 Apr 2005, Eyal Lotem wrote:
> It may be really hard to get it right, unless we are overlooking some simple
> solution.
To "get it right", you at least need to know exactly what your
operators mean. I messed up because I failed to realize that
'==' can be redefined, and 'in' depends on
It may be really hard to get it right, unless we are overlooking some simple solution. I disagree that we should "just use OS protections". The
reason I am interested in Pythonic protection is because it is so much
more powerful than OS protections. The capability model is
much more powerful than th
James Y Knight <[EMAIL PROTECTED]> writes:
> On Apr 9, 2005, at 2:13 PM, Michael Hudson wrote:
>
>> The funniest I know is part of PyPy:
>>
>> def extract_cell_content(c):
>> """Get the value contained in a CPython 'cell', as read through
>> the func_closure of a function object."""
>>
On Sat, 9 Apr 2005, James Y Knight wrote:
> You can protect against this, too, but it does show that it's *really*
> hard to get restricting code right...
Good point. If you can't trust ==, then you're hosed.
> I'm of the opinion that it's not
> really worth it -- you should just use OS protecti
On Apr 9, 2005, at 5:37 PM, Ka-Ping Yee wrote:
Let me know if you figure out how to defeat that.
You can protect against this, too, but it does show that it's *really*
hard to get restricting code right... I'm of the opinion that it's not
really worth it -- you should just use OS protections.
unt
Ka-Ping Yee wrote:
On Sat, 9 Apr 2005, Jp Calderone wrote:
Does using the gc module to bypass this security count? If so:
[EMAIL PROTECTED]:~$ python -i facet.py
>>> import gc
>>> c = readonly_facet.__getattr__.func_closure[1]
>>> r = gc.get_referents(c)[0]
>>> r.n = 'hax0r3d'
>
On Sat, 9 Apr 2005, Michael Hudson wrote:
> The funniest I know is part of PyPy:
>
> def extract_cell_content(c):
> """Get the value contained in a CPython 'cell', as read through
> the func_closure of a function object."""
> # yuk! this is all I could come up with that works in Python
On Sat, 9 Apr 2005, Jp Calderone wrote:
> Does using the gc module to bypass this security count? If so:
>
> [EMAIL PROTECTED]:~$ python -i facet.py
> >>> import gc
> >>> c = readonly_facet.__getattr__.func_closure[1]
> >>> r = gc.get_referents(c)[0]
> >>> r.n = 'hax0r3d'
>
On Apr 9, 2005, at 2:13 PM, Michael Hudson wrote:
The funniest I know is part of PyPy:
def extract_cell_content(c):
"""Get the value contained in a CPython 'cell', as read through
the func_closure of a function object."""
# yuk! this is all I could come up with that works in Python 2.2
Jp Calderone <[EMAIL PROTECTED]> writes:
> Does using the gc module to bypass this security count? If so:
>
> [EMAIL PROTECTED]:~$ python -i facet.py
> >>> import gc
> >>> c = readonly_facet.__getattr__.func_closure[1]
> >>> r = gc.get_referents(c)[0]
> >>> r.n = 'hax0r3d'
On Sat, 9 Apr 2005 00:13:40 -0500 (CDT), Ka-Ping Yee <[EMAIL PROTECTED]> wrote:
>On Fri, 8 Apr 2005, Eyal Lotem wrote:
> > I would like to experiment with security based on Python references as
> > security capabilities.
>
> This is an interesting and worthwhile thought. Several people
> (includi
On Fri, 8 Apr 2005, Eyal Lotem wrote:
> I would like to experiment with security based on Python references as
> security capabilities.
This is an interesting and worthwhile thought. Several people
(including myself) have talked about the possibility of doing
this in the past. I believe the two
You might take a look at zope.security:
http://svn.zope.org/Zope3/trunk/src/zope/security/
It isn't a capability-based system, but it does address
similar problems and might have some useful ideas.
See the README.txt and untrustedinterpreter.txt.
Jim
Eyal Lotem wrote:
I would like to experiment w