[Zope-dev] Re: does zope 3 still have a restricted python
environment?
Tres Seaver
tseaver at palladion.com
Mon Nov 19 10:42:38 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chris Withers wrote:
> Chris Withers wrote:
>> I know we have security proxies nowadays and I'm hoping these have made
>> things much more efficient that the old Zope 2 way of doing things
>> (anyone have any ideas on this?) but is there still a way of running a
>> piece of python in an environment where imports are controlled and
>> "dangerous" builtins (ie: ones that would allow you to circumvent the
>> security policy) are restricted?
>
> Okay, I see two potentially interesting things:
>
> http://svn.zope.org/zope.security/trunk/src/zope/security/untrustedpython/
>
> and
>
> http://svn.zope.org/RestrictedPython/trunk/src/RestrictedPython/
>
> Are either of these still in use/maintained?
Both are. RestrictedPython is still used in Zope2. The
'untrustedpython' bit has lots of dependencies, and so is available as
an "extra" for zope.security, e.g.:
$ bin/easy_install --index-url=http://download.zope.org/zope3.4 \
zope.security[untrustedpython]
My guess is that the dependency furball there needs untangling;
however, that command line *does* get the pacakge installed.
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHQa7u+gerLs4ltQ4RAkYyAJ9fNyKTueny8Uy3ArmpHJxsmlFZrwCffE31
av7nmTBBMR9j13QygW3rYVo=
=3see
-----END PGP SIGNATURE-----
More information about the Zope-Dev
mailing list