Issue403025

classification
Title: Use the protection domain of the proxy
Type: Severity: normal
Components: None Versions:
Milestone:
process
Status: closed Resolution: invalid
Dependencies: Superseder:
Assigned To: Nosy List: bckfnn, cgroves, pedronis
Priority: low Keywords: patch

Created on 2000-12-27.20:46:30 by bckfnn, last changed 2007-12-02.22:16:43 by cgroves.

Files
File name Uploaded Description Edit Remove
None bckfnn, 2000-12-27.20:46:30 None
Messages
msg2078 (view) Author: Finn Bock (bckfnn) Date: 2000-12-27.20:46:30 
In BytecodeLoader2 the protection domain of the jython runtime is used. This can be a security problem. This patch will instead use the protection domain of the proxy.
msg2079 (view) Author: Finn Bock (bckfnn) Date: 2000-12-28.14:38:44 
Updated the patch. Now a AccessControlContext is stored with the PyCode instance and used when calling the PyCode.
msg2080 (view) Author: Samuele Pedroni (pedronis) Date: 2002-04-14.14:14:02 
Logged In: YES 
user_id=61408

Pointer in the middle of the corresponding
jython-dev discussion:

http://aspn.activestate.com/ASPN/Mail/Message/637252

[for future reference,
people are starting to ask for a more flexible
security support. ]
msg2081 (view) Author: Samuele Pedroni (pedronis) Date: 2005-01-09.19:18:01 
Logged In: YES 
user_id=61408

this was a tentative patch, the problem it tries to address
is larget than
the patch, it also unclear how much people care and what we
can do without java lib support. Should not be applied. We
should probably close it and archive the thing somewhere
under the new sandbox module.
msg2082 (view) Author: Charlie Groves (cgroves) Date: 2007-12-02.22:16:43 
Closing as suggested.
History
Date User Action Args
2000-12-27 20:46:30bckfnncreate

Supported by Python Software Foundation,
Powered by Roundup