I was reading over some of the new(er) comments on the Bugzilla Language comments page and one of them caught my eye:
Zope 3 indeed has zope.security (soon coming as an egg near you :). README.txt, code, svn co svn://svn.zope.org/repos/main/zope.security/trunk zope.security) — faassen
Reading that reminded me of Brett Cannon’s work around securing the interpreter.
Restricted access / sand boxing is something I’d love to poke around in (one day, the amount of things I want to work on is growing) — the OLPC uses the very nice Bitfrost model for it’s security “platform” and having something easily access/leveraged within the Python interpreter landscape for secure python application implementation would be great.
You can see some of Brett’s additional work here:Python security paper online and Rethinking Imports
Here’s a cool ASPN recipe too: Restricted “safe” eval.
I highly recommend people look at the new Zope stuff and Brett’s work, I’ll be freshening my python src tree dump and try compiling it one of these days.
-
Martijn Faassen