Re: Gnumeric/Guile/Python



Python has facilities for providing a restricted environment for executing
scripts from untrusted sources.  It is used for the python applets in the
grail web browser for instance.

It would probably be possible to implement this with the current python
plugin, but it would take a bit of work, and should be security audited.

For now, it is probably best to not implement something like this.

James.

--
Email: james@daa.com.au
WWW:   http://www.daa.com.au/~james/


On Wed, 26 May 1999, Damien Miller wrote:

> On 25 May 1999, Miguel de Icaza wrote:
> 
>  
> > > Is it possible to store python or guile program in *.gnumeric file
> > > rather then in a separate file? Imagine the possibility --- delivering
> > > python code in a form of spreadsheet file with no need for
> > > installation of any kind.
> > 
> > No, there is no way to do this.  And for now I have no plans on doing
> > this.  Until we fully understand the implications of potential viruses 
> > transmited by this medium, I do think this is not a good idea.
> 
> If guile or python code is limited to changing the current sheet only
> and not modifying files or templates then there is no oppurtunity 
> for it to spread.
> 
> It is Microsoft's broken security model that causes secruity 
> nightmares such as Melissa, not the concept to embeddable code
> itself.
> 
> Regards,
> Damien Miller
> 
> --
> | "Bombay is 250ms from New York in the new world order" - Alan Cox
> | Damien Miller - http://www.ilogic.com.au/~dmiller
> | Email: dmiller@ilogic.com.au (home) -or- damien@ibs.com.au (work)
> 
> 
> -- 
>         FAQ: Frequently-Asked Questions at http://www.gnome.org/gnomefaq
>          To unsubscribe: mail gnome-list-request@gnome.org with 
>                        "unsubscribe" as the Subject.
> 



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]