[Zope-dev] Re: RestrtrictedPython vs zope.security.untrustedpython
Chris Withers
chris at simplistix.co.uk
Thu Nov 22 12:08:01 EST 2007
Dieter Maurer wrote:
> Chris Withers wrote at 2007-11-20 23:55 +0000:
>> Dieter Maurer wrote:
>>> You execute their code in a "globals" the "__builtins__" of which
>>> contains precisely the builtins you want to give them.
>> unfortunately that still leaves the import problems, correct?
>
> The "import" "command" is mapped to the "__import__" builtin.
>
> Thus, changing the "__import__" builtin....
Hmmm, looking into this more. I think fiddling with supplying
__builtins__ and __import__ is susceptible to those being deleted from
the local or global namespace and so being replaced by ones from the
above namespace.
Am I right in seeing those as security risks? These seem to be some of
the reasons rexec and bastion were dropped from python:
http://bugs.python.org/issue577530
http://mail.python.org/pipermail/python-dev/2002-December/031160.html
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope-Dev
mailing list