Re: [glob2-devel] Embedded scripting language (again)

[Bradley Arsenault]

On 2/22/06, Martin Voelkle <address@hidden> wrote:
> >     1) A full, version and operating system portable vm dump, if desired
>
> Again, could you *please* give some reference for this? A link to the
> corresponding API, anything.
> If you are talking about the heap only (global dict), then this is not
> full: the stack is missing.
>
The api is called Python.Pickle. There is also Python.Marshal, which
is faster, but less portable.
http://docs.python.org/lib/module-cPickle.html
http://docs.python.org/lib/module-marshal.html

> >     2) Thread support isn't the worlds best, but it lives up to our
> > requirements. Threads are only needed for Map Scripts, they are
> > optional but elegant (we could more simply have a callback system)
>
> As MWM said, coroutines are easy to implement.
>
> >     2) Can allow a hacker access to the underlieing system if he/she
> > is experienced enough and willing to work around all inplace security
> > features (python does have them)
>
> Like with any other runtime anyway.
> Can you give us some links to the security features?
>
Hmm, after discussing with the python crew for some while, it seems as
though my original, internal security ideas don't work. You can,
however, filter the input script for any "import" or "open", and that
covers about 99% of what a person could try to do (open opens files,
and if they can't import anything we haven't already, they won't have
access to any more than the basic feature set, of which open is pretty
much the only danger) You can make the following note: If someone
creates a script to destroy their harddrive, they are the only ones
who are going to use it, if they send it to the ftp, it can be
filtered, and no damage done.
> Martin
>
>
> _______________________________________________
> glob2-devel mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/glob2-devel
>