classification
Title: bcannon secure branch issues
Type: Stage:
Components: None Versions:
process
Status: closed Resolution: invalid
Dependencies: Superseder:
Assigned To: brett.cannon Nosy List: brett.cannon, jimjjewett
Priority: normal Keywords:

Created on 2006-08-24 19:30 by jimjjewett, last changed 2006-08-24 20:57 by brett.cannon. This issue is now closed.

Messages (2)
msg29678 - (view) Author: Jim Jewett (jimjjewett) Date: 2006-08-24 19:30 
Referring to http://svn.python.org/view/python/
branches/bcannon-sandboxing/
securing_python.txt?view=markup but there doesn't seem 
to be a group/category for feedback on branches.

The sys module should *not* be shared between 
interpreters, even though it is an extension module.  
(If need be, each sys module can be a proxy that 
itself imports from the "real" sys.)  sys should 
probably also be filled explicitly on creation, like 
builtins.  (And the same for os, os.path?)

Note that this will affect which sys.attributes should 
be available (perhaps read-only) or hidden by default -
- and that should really only be by default.

For specific examples:

 + some programs modify sys.argv to communicated 
between modules.  So long as the initial value of 
sys.argv is set to something sufficiently discreet, 
there should be no problem letting them continue to do 
so.  
 + The current draft hides sys.subversion (revealing 
unpatched bugs?) but shows sys.version (which reveals 
the same information, at a coarser grain).
 + getdefaultencoding may compromise privacy 
information, particularly for smaller languages.
msg29679 - (view) Author: Brett Cannon (brett.cannon) * (Python committer) Date: 2006-08-24 20:57 
Logged In: YES 
user_id=357491

The 'sys' module won' be shared since it is unique per
interpreter at the C level.
History
Date User Action Args
2006-08-24 19:30:19jimjjewettcreate