This repository has been archived by the owner on Aug 30, 2019. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 31
/
TODO
62 lines (54 loc) · 2.5 KB
/
TODO
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
Major tasks
-----------
* Remove sandbox.call(): os.fork() is not available on Windows
* Replace pickle with marshal?
* Re-enable ClearImport() protection: break test_random test
* Limit input/output size for call_fork()?
* subprocess should use a pipe or socket instead of a named file. Reuse
subprocess and multiprocessing?
* subprocess: disable site module (use -S)
* Windows:
* Test subprocess: no fork!
* Implement memory limit
* Python3 support: fix proxy()
* Clear sys.modules?
Minor tasks
-----------
* Clear sys.last_{type,value,traceback}?
* A function keeps its func_globals/__global__ attribute. Is it a problem?
* A generator can be controled: .throw(), .send(), etc. Is it a problem if the
generator was created outside the sandbox?
* Document "dangerous functions": functions allowing to override the sandbox policy
* Choose getModulePath() implementation (problem with "from encodings import
aliases")
* Hide type.__bases__ on Python 2.5 or mark the attribute as read-only
* isinstance(createReadOnlyList(...), list) is False
* Write a test for traceback
* interpreter.py has a quit() builtin function (instance of site.Quitter)
which is not protected by a proxy
* Write a blacklist for ObjectProxy (eg. "__class__" attribute)
* Write a whitelist of modifiable attributes in ObjectProxy?
Problem of callback: have to be executed in the sandbox
* safe_open() should not use createReadOnlyObject(), but just hide the real
type
* Hide __file__ and __path__ attributes of modules and co_filename of code objects?
* Write a tool generating a security policy (sandbox configuration)
* Don't hide dict methods able to modify a dict (eg. dict.clear): need a
builtin frozendict type. I proposed the PEP 416 to add a builtin frozendict type.
http://www.python.org/dev/peps/pep-0416/
* Write a cache for safe_import. Reuse sys.modules???
* interpreter.py: import code module (InteractiveConsole) in the sandbox to
execute the whole interpreter in the sandbox
* Only instanciate each protection once?
* Write a test using class.mro()?
* Improve type(open(...))(filename, "r") error message,
see test_import_sys_stdout()
Todo later
----------
* Check interaction with threads
* Check interaction with signals, eg. SIGALARM and SIGTERM
http://mail.python.org/pipermail/python-dev/2009-February/086425.html
* Check for function importing modules:
warnings imports modules
> if there are other non-user-initiated dynamically imported modules?
Grep the source for PyImport.