[Zope-dev] Re: does zope 3 still have a restricted python environment?

Tres Seaver tseaver at palladion.com
Mon Nov 19 10:42:38 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Withers wrote:
> Chris Withers wrote:
>> I know we have security proxies nowadays and I'm hoping these have made
>> things much more efficient that the old Zope 2 way of doing things
>> (anyone have any ideas on this?) but is there still a way of running a
>> piece of python in an environment where imports are controlled and
>> "dangerous" builtins (ie: ones that would allow you to circumvent the
>> security policy) are restricted?
> 
> Okay, I see two potentially interesting things:
> 
> http://svn.zope.org/zope.security/trunk/src/zope/security/untrustedpython/
> 
> and
> 
> http://svn.zope.org/RestrictedPython/trunk/src/RestrictedPython/
> 
> Are either of these still in use/maintained?

Both are.  RestrictedPython is still used in Zope2.  The
'untrustedpython' bit has lots of dependencies, and so is available as
an "extra" for zope.security, e.g.:

  $ bin/easy_install --index-url=http://download.zope.org/zope3.4 \
                     zope.security[untrustedpython]

My guess is that the dependency furball there needs untangling;
however, that command line *does* get the pacakge installed.



Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHQa7u+gerLs4ltQ4RAkYyAJ9fNyKTueny8Uy3ArmpHJxsmlFZrwCffE31
av7nmTBBMR9j13QygW3rYVo=
=3see
-----END PGP SIGNATURE-----



More information about the Zope-Dev mailing list