[Zope-dev] RestrictedPython implementation in zope2.
Stephan Richter
srichter at cosmos.phy.tufts.edu
Thu Jul 10 19:15:08 EDT 2008
On Thursday 10 July 2008, ranjith kannikara wrote:
> During the porting of zope2 to python2.5 I am in need of guidance on
> doing the security auditing of RestrictedPython for python2.5. Now a
> person named Chris Withers had volunteered for helping. And I will be
> happy to get guidance and help from Chris Withers.
Since I am heavily using Python 2.5 and RestrictedPython, I gave zope.proxy a
good shake. I also looked at the safe builtins declarations and updated them.
I have not yet reviewed the byte code hacks, which is the most complicated
aspect. How much experience do you have with the Python AST implementation?
You basically need to find out how the AST changed from Python 2.4 to 2.5 and
then make sure that every attribute and item access is overwritten with the
secure lookup version.
Regards,
Stephan
--
Stephan Richter
Web Software Design, Development and Training
Google me. "Zope Stephan Richter"
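
The audit task described in the reply above (rewrite every attribute and item access to a guarded lookup, then confirm none was missed) as an added example; it is not part of the original message and is not RestrictedPython's own code. It assumes Python 3.9+ and the modern `ast` module rather than the 2.4/2.5 compiler the thread concerns; the guard names `_getattr_` and `_getitem_`, the underscore-denying policy and the sample inputs are assumptions of this example.

```python
import ast
import operator

GETATTR, GETITEM = "_getattr_", "_getitem_"  # guard names: assumptions of this example

def _call(name, *args):
    return ast.Call(ast.Name(name, ast.Load()), list(args), [])

class GuardAccess(ast.NodeTransformer):
    """Rewrite reads: o.a -> _getattr_(o, 'a') and o[k] -> _getitem_(o, k)."""
    def visit_Attribute(self, node):
        self.generic_visit(node)  # rewrite nested accesses first
        if not isinstance(node.ctx, ast.Load):
            return node  # writes are left alone here and rejected by the audit
        return ast.copy_location(_call(GETATTR, node.value, ast.Constant(node.attr)), node)

    def visit_Subscript(self, node):
        self.generic_visit(node)
        if not isinstance(node.ctx, ast.Load):
            return node
        key = node.slice
        if isinstance(key, ast.Slice):  # o[a:b] -> _getitem_(o, slice(a, b, None))
            key = _call("slice", *(p or ast.Constant(None) for p in (key.lower, key.upper, key.step)))
        return ast.copy_location(_call(GETITEM, node.value, key), node)

def unguarded(tree):
    """Audit pass: list every raw attribute/item node still present in the tree."""
    return [(n.lineno, type(n).__name__) for n in ast.walk(tree)
            if isinstance(n, (ast.Attribute, ast.Subscript))]

def compile_guarded(source):
    tree = ast.fix_missing_locations(GuardAccess().visit(ast.parse(source)))
    left = unguarded(tree)
    if left:  # fail closed: anything the transformer did not rewrite is refused
        raise SyntaxError("unguarded access left in tree: %r" % left)
    return compile(tree, "<guarded>", "exec")

def guarded_getattr(obj, name):
    # Constructed policy for the demo: underscore-prefixed names are denied.
    if name.startswith("_"):
        raise AttributeError("access to %r denied" % name)
    return getattr(obj, name)

def run(source, env):
    # Shows the rewrite only; this namespace is not a complete sandbox.
    glb = {"__builtins__": {"slice": slice}, GETATTR: guarded_getattr, GETITEM: operator.getitem}
    glb.update(env)
    exec(compile_guarded(source), glb)
    return glb
```

Because the audit refuses any attribute or subscript node the transformer left behind, a node shape introduced by a newer grammar is rejected at compile time instead of running unguarded.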