On Thursday 10 July 2008, ranjith kannikara wrote:
> During the porting of zope2 to python2.5 I am in need of guidance on
> doing the security auditing of RestrictedPython for python2.5. Now a
> person named Chris Withers had volunteered for helping. And I will be
> happy to get guidance and help from Chris Withers.

Since I am heavily using Python 2.5 and RestrictedPython, I gave zope.proxy a good shake. I also looked at the safe builtins declarations and updated them. I have not yet reviewed the byte code hacks, which is the most complicated aspect.

How much experience do you have with the Python AST implementation? You basically need to find out how the AST changed from Python 2.4 to 2.5 and then make sure that every attribute and item access is overwritten with the secure lookup version.

Regards,
Stephan
-- 
Stephan Richter
Web Software Design, Development and Training
Google me. "Zope Stephan Richter"
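
The rewrite described in the message above, as an added sketch that is not part of the original post and is not RestrictedPython's own code. It assumes the Python 3.9+ `ast` module rather than the Python 2.5 compiler AST, covers read access only, borrows the `_getattr_`/`_getitem_` guard names, and `GuardAccess`, `unguarded`, `guarded_getattr` and `run_guarded` are hypothetical helpers.

```python
# Added illustration; helper names are hypothetical, Python 3.9+ assumed.
import ast

class GuardAccess(ast.NodeTransformer):
    """Rewrite obj.name -> _getattr_(obj, 'name') and obj[key] -> _getitem_(obj, key)."""

    def _guard(self, node, guard_name, arg):
        if not isinstance(node.ctx, ast.Load):
            raise SyntaxError("store/delete through attribute or item is not handled here")
        call = ast.Call(func=ast.Name(id=guard_name, ctx=ast.Load()),
                        args=[node.value, arg], keywords=[])
        return ast.copy_location(call, node)

    def visit_Attribute(self, node):
        self.generic_visit(node)  # rewrite nested accesses first
        return self._guard(node, "_getattr_", ast.Constant(node.attr))

    def visit_Subscript(self, node):
        self.generic_visit(node)
        if any(isinstance(n, ast.Slice) for n in ast.walk(node.slice)):
            raise SyntaxError("slices are not handled here")
        return self._guard(node, "_getitem_", node.slice)

    def visit_Name(self, node):
        # Untrusted code must not refer to (and so rebind) the guards themselves.
        if node.id.startswith("_"):
            raise SyntaxError("name %r is reserved" % node.id)
        return node


def unguarded(tree):
    """Audit check: raw Attribute/Subscript nodes still present in the tree."""
    return [n for n in ast.walk(tree) if isinstance(n, (ast.Attribute, ast.Subscript))]


def guarded_getattr(obj, name):
    if name.startswith("_"):
        raise AttributeError("access to %r is denied" % name)
    return getattr(obj, name)


def run_guarded(source, env):
    tree = ast.fix_missing_locations(GuardAccess().visit(ast.parse(source)))
    if unguarded(tree):
        raise SyntaxError("unguarded access survived the rewrite")
    glb = dict(env, __builtins__={}, _getattr_=guarded_getattr,
               _getitem_=lambda obj, key: obj[key])
    exec(compile(tree, "<guarded>", "exec"), glb)
    return glb
```

Running `unguarded()` over the rewritten tree for a corpus that exercises each grammar construct of the target Python version is one way to confirm that no access node type is left without a `visit_` method.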
