Armin Rigo wrote:
> Hi all,
>
> On Monday I was at an inspiring seminar about (a specific form of)
> language-level security. I've collected the PyPy-ification of these
> ideas there:
>
> http://codespeak.net/svn/pypy/dist/pypy/doc/discussion/security-ideas.txt
>
> Although the focus is different, it makes me think that we could also
> use similar ideas to implement a form of 'rexec' (restricted execution),
> with functions compiled by secure() as in the draft above, but running
> at a privilege level which is lower than the default ambient level
> instead of higher.

As a general note it might be useful to talk to Jim Fulton for real-world experience concerning language-level security in Python. I'll cc him so he at least is aware of your security ideas document.

In Zope 2, there is a precompiler for untrusted Python code, offering, as far as I understand, true language-level security. In Zope 3 this approach has been dropped as hard to maintain and replaced with object-level security (attribute access is controlled with a permission system).

Regards,

Martijn
