Wow, that's downright scary. "Here are more and more esoteric ways to crack this software. Once we can't think of any more, it's definitely secure!"
What ever happened to proper security design, where you start with nothing and grant just the permissions you want? Designing with security in mind from the start?
Posted Mar 6, 2009 21:42 UTC (Fri) by nix (subscriber, #2304)
Um, this is making the core safe, i.e. making sure there's nothing intrinsic to Python classes or the interpreter core -- the language itself -- that lets you break out of restricted mode.
The *modules* will be whitelisted piece by piece as you suggest.
Reviving Python restricted mode
Posted Mar 6, 2009 22:32 UTC (Fri) by njs (guest, #40338)
There are languages designed like that (E is probably the most prominent). It's obviously the right way to do it.