[Zope-dev] strange priv leak

[Steve Alexander]

Steve Alexander wrote:
> 
>> Instances of built-in types do not allow extra attributes (nor should 
>> they.)  So, for example, declarePrivate('some_string_attribute') has 
>> no effect, nor did it ever have any effect.
> 
> 
> We don't need instances of built-in types to allow extra attributes.
> So, no need to say {}.__roles__ = something. What we would need is to be 
> able to say dict.__roles__ = something.
> 
> It would be nice if the objects that represent built-in types could have 
> attributes set on them. This would be helpful for some things in Zope 3 
> too.

Actually, a piece of only moderately evil C code could do this.

In Python 2.2, tuple.__dict__ is a dict-proxy object. This is a 
dict-like object that presents a read-only interface to a regular python 
dict.

The struct of a dictproxy is not exported. However, one could abuse 
tp_traverse with an appropriate visiter function to set an item in the 
dict using only the exported C API.

--
Steve Alexander