User: Password:
|
|
Subscribe / Log in / New account

Reviving Python restricted mode

Reviving Python restricted mode

Posted Mar 6, 2009 19:00 UTC (Fri) by jimparis (subscriber, #38647)
Parent article: Reviving Python restricted mode

http://tav.espians.com/a-challenge-to-break-python-securi...

Wow, that's downright scary. "Here are more and more esoteric ways to crack this software. Once we can't think of any more, it's definitely secure!"

What ever happened to proper security design, where you start with nothing and grant just the permissions you want? Designing with security in mind from the start?


(Log in to post comments)

Reviving Python restricted mode

Posted Mar 6, 2009 21:42 UTC (Fri) by nix (subscriber, #2304) [Link]

Um, this is making the core safe, i.e. making sure there's nothing
intrinsic to Python classes or the interpreter core -- the language
itself -- that lets you break out of restricted mode.

The *modules* will be whitelisted piece by piece as you suggest.

Reviving Python restricted mode

Posted Mar 6, 2009 22:32 UTC (Fri) by njs (guest, #40338) [Link]

There are languages designed like that (E is probably the most prominent). It's obviously the right way to do it.

Nobody (within epsilon) uses them :-(


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds