Hi Brett,
On Wed, Jul 05, 2006 at 05:01:48PM -0700, Brett Cannon wrote:
And if Armin and/or Samuele sign off that what we find is most likely (with
most likely equalling 99% chance) all there is, then bonus points and I
will *really* be convinced. =)
I don't think I can sign off that.
Armin Rigo writes:
I don't think I can sign off [on hiding the file type]. Really hiding
Python objects is quite hard IMHO.
I agree. But we don't have to give up yet. How about instead of hiding
file, we cripple it. Completely. Modify the file type so that when
executing on a sandboxed
On 7/6/06, Michael Chermside [EMAIL PROTECTED] wrote:
Armin Rigo writes: I don't think I can sign off [on hiding the file type].Really hiding Python objects is quite hard IMHO.
I agree. But we don't have to give up yet. How about instead of hidingfile, we cripple it. Completely. Modify the file
On 7/6/06, Armin Rigo [EMAIL PROTECTED] wrote:
Hi Brett,On Wed, Jul 05, 2006 at 05:01:48PM -0700, Brett Cannon wrote: And if Armin and/or Samuele sign off that what we find is most likely (with most likely equalling 99% chance) all there is, then bonus points and I
will *really* be convinced.=)I
On 7/6/06, Michael Chermside [EMAIL PROTECTED] wrote:
Me: I agree. But we don't have to give up yet. How about instead of hiding file, we cripple it. Completely. Modify the file type so that when executing on a sandboxed interpreter, all of the dangerous methods
and attributes of file throw
To make sure I don't unfairly block out capabilities as a complete security model instead of just crippling 'file's constructor (I do like capabilities and think it is a good model, really!), let's discuss how one can get to the 'file' type without importing any extension modules (that can be
Brett Cannon wrote:
Can anyone think of any other way to gain access to 'file' without
importing a module?
In principle, it might be possible to find file in the func_defaults
or func_globals of some function, which might be defined as
orig_file = file
def file(...):
...
I couldn't find
