forked from AFPy/python-docs-fr
99 lines
4.3 KiB
Plaintext
99 lines
4.3 KiB
Plaintext
# SOME DESCRIPTIVE TITLE.
|
|
# Copyright (C) 1990-2016, Python Software Foundation
|
|
# This file is distributed under the same license as the Python package.
|
|
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
|
|
#
|
|
#, fuzzy
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: Python 2.7\n"
|
|
"Report-Msgid-Bugs-To: \n"
|
|
"POT-Creation-Date: 2016-10-30 10:44+0100\n"
|
|
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
|
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
|
"Language-Team: LANGUAGE <LL@li.org>\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: text/plain; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
|
|
#: ../Doc/library/restricted.rst:6
|
|
msgid "Restricted Execution"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/restricted.rst:10
|
|
msgid ""
|
|
"In Python 2.3 these modules have been disabled due to various known and not "
|
|
"readily fixable security holes. The modules are still documented here to "
|
|
"help in reading old code that uses the :mod:`rexec` and :mod:`Bastion` "
|
|
"modules."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/restricted.rst:14
|
|
msgid ""
|
|
"*Restricted execution* is the basic framework in Python that allows for the "
|
|
"segregation of trusted and untrusted code. The framework is based on the "
|
|
"notion that trusted Python code (a *supervisor*) can create a \"padded "
|
|
"cell' (or environment) with limited permissions, and run the untrusted code "
|
|
"within this cell. The untrusted code cannot break out of its cell, and can "
|
|
"only interact with sensitive system resources through interfaces defined and "
|
|
"managed by the trusted code. The term \"restricted execution\" is favored "
|
|
"over \"safe-Python\" since true safety is hard to define, and is determined "
|
|
"by the way the restricted environment is created. Note that the restricted "
|
|
"environments can be nested, with inner cells creating subcells of lesser, "
|
|
"but never greater, privilege."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/restricted.rst:25
|
|
msgid ""
|
|
"An interesting aspect of Python's restricted execution model is that the "
|
|
"interfaces presented to untrusted code usually have the same names as those "
|
|
"presented to trusted code. Therefore no special interfaces need to be "
|
|
"learned to write code designed to run in a restricted environment. And "
|
|
"because the exact nature of the padded cell is determined by the supervisor, "
|
|
"different restrictions can be imposed, depending on the application. For "
|
|
"example, it might be deemed \"safe\" for untrusted code to read any file "
|
|
"within a specified directory, but never to write a file. In this case, the "
|
|
"supervisor may redefine the built-in :func:`open` function so that it raises "
|
|
"an exception whenever the *mode* parameter is ``'w'``. It might also "
|
|
"perform a :c:func:`chroot`\\ -like operation on the *filename* parameter, "
|
|
"such that root is always relative to some safe \"sandbox\" area of the "
|
|
"filesystem. In this case, the untrusted code would still see a built-in :"
|
|
"func:`open` function in its environment, with the same calling interface. "
|
|
"The semantics would be identical too, with :exc:`IOError`\\ s being raised "
|
|
"when the supervisor determined that an unallowable parameter is being used."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/restricted.rst:42
|
|
msgid ""
|
|
"The Python run-time determines whether a particular code block is executing "
|
|
"in restricted execution mode based on the identity of the ``__builtins__`` "
|
|
"object in its global variables: if this is (the dictionary of) the standard :"
|
|
"mod:`__builtin__` module, the code is deemed to be unrestricted, else it is "
|
|
"deemed to be restricted."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/restricted.rst:48
|
|
msgid ""
|
|
"Python code executing in restricted mode faces a number of limitations that "
|
|
"are designed to prevent it from escaping from the padded cell. For instance, "
|
|
"the function object attribute :attr:`func_globals` and the class and "
|
|
"instance object attribute :attr:`~object.__dict__` are unavailable."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/restricted.rst:53
|
|
msgid ""
|
|
"Two modules provide the framework for setting up restricted execution "
|
|
"environments:"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/restricted.rst:66
|
|
msgid "`Grail Home Page <http://grail.sourceforge.net/>`_"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/restricted.rst:65
|
|
msgid ""
|
|
"Grail, an Internet browser written in Python, uses these modules to support "
|
|
"Python applets. More information on the use of Python's restricted "
|
|
"execution mode in Grail is available on the Web site."
|
|
msgstr ""
|