[e-lang] An object-capability subset of Python
Brett Cannon
brett at python.org
Tue Sep 16 13:19:54 CDT 2008
On Mon, Sep 15, 2008 at 4:57 PM, Karp, Alan H <alan.karp at hp.com> wrote:
> Brett Cannon wrote:
>>
>> But even if we were trying to create a secure subset, no one stepped
>> forward to point out any security implications of the decision. I
>> honestly might be the closest thing we have to being a "security
>> expert" on the core team and that is not saying much.
>>
> Maybe you should forward interesting proposals to this list for comments. That goes for people working on other language efforts, too. Very often a small difference in a language feature makes all the difference in providing a secure subset.
>
I have no problem bringing stuff up here in parallel while it is being
discussed on python-dev, but the trick with that is me recognizing
that a certain feature weakens Python's security. In the case of
unbound methods, I honestly didn't think for a second it had any
security implications so I didn't worry about it from that
perspective.
At this point I am still trying to finish my rewrite of Python's
import machinery so I can still follow through with my plans of
securing Python in embedded situations. Seeing if there is a way to
add or at least support obj-cap is no where near the front of my brain
when evaluating Python features at the moment.
-Brett
More information about the e-lang
mailing list