On 1/20/07, M.-A. Lemburg <[EMAIL PROTECTED]> wrote: > On 2007-01-20 00:01, Brett Cannon wrote: > > On 1/19/07, M.-A. Lemburg <[EMAIL PROTECTED]> wrote: > >> On 2007-01-19 22:33, Brett Cannon wrote: > >>>> That's a typical error situation you get in __del__ methods at > >>>> the time the interpreter is shut down. > >>>> > >>> Yeah, but in this case this is at the end of Py_Initialize() for the > >>> stuff I am doing to the interpreter. =) > >> Is that in some error branch of Py_Initialize() ? Otherwise > >> I don't see how the modules could get garbage-collected. > >> > > > > Nope, it's code I am adding to clean out sys.modules of stuff the user > > didn't import themselves; it's for security reasons. > > I'm not sure whether that's really going to increase > security: unloading of modules usually isn't safe and you > cannot be sure that it's possible to reinitialize a C > module once it has been loaded in the process. For Python > modules this is often possible, but there still may be > side-effects of the import that you cannot easily undo. > > Perhaps you should just move those modules out to a different > dictionary and keep track of it in the import mechanism, so > that while you can't access the module directly via sys.modules, > the import mechanism still knows that it has been loaded and > reinserts it into sys.modules if it gets imported again. >
That's an idea. > I think that you get more security by explicitly > limiting which modules and packages you allow to be imported > in the first place and restricting what can be done with > sys.path and sys.modules. > That's what I am doing. I just wanted to simplify things by having import not worry about what is already in sys.modules and just always assume what is there is safe. -Brett _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com