On Thursday 10 July 2008, ranjith kannikara wrote:
> During the porting of zope2 to python2.5 I am in need and guidance on
> doing the security auditing of RestrictedPython for python2.5 . Now a
> person named Chris Withers had volunteered for helping. And I will be
> happy to get guidance and help from Chris Withers.

Since I am heavily using Python 2.5 and RestrictedPython, I gave zope.proxy a 
good shake. I also looked at the safe builtins declarations and updated them. 
I have not yet reviewed the byte code hacks, which is the most complicated 
aspect. How much experience do you have with the Python AST implementation?

You basically need to find out how the AST changed from Python 2.4 to 2.5 and 
then make sure that every attribute and item access is overwritten with the 
secure lookup version.

Stephan Richter
Web Software Design, Development and Training
Google me. "Zope Stephan Richter"
Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to