Referring to http://svn.python.org/view/python/
branches/bcannon-sandboxing/
securing_python.txt?view=markup but there doesn't seem
to be a group/category for feedback on branches.
The sys module should *not* be shared between
interpreters, even though it is an extension module.
(If need be, each sys module can be a proxy that
itself imports from the "real" sys.) sys should
probably also be filled explicitly on creation, like
builtins. (And the same for os, os.path?)
Note that this will affect which sys.attributes should
be available (perhaps read-only) or hidden by default -
- and that should really only be by default.
For specific examples:
+ some programs modify sys.argv to communicated
between modules. So long as the initial value of
sys.argv is set to something sufficiently discreet,
there should be no problem letting them continue to do
so.
+ The current draft hides sys.subversion (revealing
unpatched bugs?) but shows sys.version (which reveals
the same information, at a coarser grain).
+ getdefaultencoding may compromise privacy
information, particularly for smaller languages.
|