Chris Withers wrote at 2007-11-22 17:08 +0000: >Dieter Maurer wrote: >> Chris Withers wrote at 2007-11-20 23:55 +0000: >>> Dieter Maurer wrote: >>>> You execute their code in a "globals" the "__builtins__" of which >>>> contains precisely the builtins you want to give them. >>> unfortunately that still leaves the import problems, correct? >> >> The "import" "command" is mapped to the "__import__" builtin. >> >> Thus, changing the "__import__" builtin.... > >Hmmm, looking into this more. I think fiddling with supplying >__builtins__ and __import__ is susceptible to those being deleted from >the local or global namespace and so being replaced by ones from the >above namespace. > >Am I right in seeing those as security risks? These seem to be some of >the reasons rexec and bastion were dropped from python:
There have been reasons why Python no longer promisses a secure restricted environment.... > >http://bugs.python.org/issue577530 When you look carefully, you see that this problem has been fixed. >http://mail.python.org/pipermail/python-dev/2002-December/031160.html You handle this with security proxied objects, right? Security questions are very delicate. Nobody will probably give you a garantee that the approach is really safe. -- Dieter _______________________________________________ Zope-Dev maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
