forked from AFPy/python-docs-fr
317 lines
12 KiB
Plaintext
317 lines
12 KiB
Plaintext
# SOME DESCRIPTIVE TITLE.
|
|
# Copyright (C) 1990-2016, Python Software Foundation
|
|
# This file is distributed under the same license as the Python package.
|
|
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
|
|
#
|
|
#, fuzzy
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: Python 2.7\n"
|
|
"Report-Msgid-Bugs-To: \n"
|
|
"POT-Creation-Date: 2016-10-30 10:44+0100\n"
|
|
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
|
|
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
|
|
"Language-Team: LANGUAGE <LL@li.org>\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: text/plain; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
|
|
#: ../Doc/library/rexec.rst:2
|
|
msgid ":mod:`rexec` --- Restricted execution framework"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:8
|
|
msgid "The :mod:`rexec` module has been removed in Python 3."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:11
|
|
msgid "Disabled module."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:16
|
|
msgid ""
|
|
"The documentation has been left in place to help in reading old code that "
|
|
"uses the module."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:19
|
|
msgid ""
|
|
"This module contains the :class:`RExec` class, which supports :meth:"
|
|
"`r_eval`, :meth:`r_execfile`, :meth:`r_exec`, and :meth:`r_import` methods, "
|
|
"which are restricted versions of the standard Python functions :meth:"
|
|
"`eval`, :meth:`execfile` and the :keyword:`exec` and :keyword:`import` "
|
|
"statements. Code executed in this restricted environment will only have "
|
|
"access to modules and functions that are deemed safe; you can subclass :"
|
|
"class:`RExec` to add or remove capabilities as desired."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:29
|
|
msgid ""
|
|
"While the :mod:`rexec` module is designed to perform as described below, it "
|
|
"does have a few known vulnerabilities which could be exploited by carefully "
|
|
"written code. Thus it should not be relied upon in situations requiring "
|
|
"\"production ready\" security. In such situations, execution via sub-"
|
|
"processes or very careful \"cleansing\" of both code and data to be "
|
|
"processed may be necessary. Alternatively, help in patching known :mod:"
|
|
"`rexec` vulnerabilities would be welcomed."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:39
|
|
msgid ""
|
|
"The :class:`RExec` class can prevent code from performing unsafe operations "
|
|
"like reading or writing disk files, or using TCP/IP sockets. However, it "
|
|
"does not protect against code using extremely large amounts of memory or "
|
|
"processor time."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:46
|
|
msgid "Returns an instance of the :class:`RExec` class."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:48
|
|
msgid ""
|
|
"*hooks* is an instance of the :class:`RHooks` class or a subclass of it. If "
|
|
"it is omitted or ``None``, the default :class:`RHooks` class is "
|
|
"instantiated. Whenever the :mod:`rexec` module searches for a module (even a "
|
|
"built-in one) or reads a module's code, it doesn't actually go out to the "
|
|
"file system itself. Rather, it calls methods of an :class:`RHooks` instance "
|
|
"that was passed to or created by its constructor. (Actually, the :class:"
|
|
"`RExec` object doesn't make these calls --- they are made by a module loader "
|
|
"object that's part of the :class:`RExec` object. This allows another level "
|
|
"of flexibility, which can be useful when changing the mechanics of :keyword:"
|
|
"`import` within the restricted environment.)"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:59
|
|
msgid ""
|
|
"By providing an alternate :class:`RHooks` object, we can control the file "
|
|
"system accesses made to import a module, without changing the actual "
|
|
"algorithm that controls the order in which those accesses are made. For "
|
|
"instance, we could substitute an :class:`RHooks` object that passes all "
|
|
"filesystem requests to a file server elsewhere, via some RPC mechanism such "
|
|
"as ILU. Grail's applet loader uses this to support importing applets from a "
|
|
"URL for a directory."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:66
|
|
msgid ""
|
|
"If *verbose* is true, additional debugging output may be sent to standard "
|
|
"output."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:69
|
|
msgid ""
|
|
"It is important to be aware that code running in a restricted environment "
|
|
"can still call the :func:`sys.exit` function. To disallow restricted code "
|
|
"from exiting the interpreter, always protect calls that cause restricted "
|
|
"code to run with a :keyword:`try`/:keyword:`except` statement that catches "
|
|
"the :exc:`SystemExit` exception. Removing the :func:`sys.exit` function "
|
|
"from the restricted environment is not sufficient --- the restricted code "
|
|
"could still use ``raise SystemExit``. Removing :exc:`SystemExit` is not a "
|
|
"reasonable option; some library code makes use of this and would break were "
|
|
"it not available."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:83
|
|
msgid "`Grail Home Page <http://grail.sourceforge.net/>`_"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:82
|
|
msgid ""
|
|
"Grail is a Web browser written entirely in Python. It uses the :mod:`rexec` "
|
|
"module as a foundation for supporting Python applets, and can be used as an "
|
|
"example usage of this module."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:90
|
|
msgid "RExec Objects"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:92
|
|
msgid ":class:`RExec` instances support the following methods:"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:97
|
|
msgid ""
|
|
"*code* must either be a string containing a Python expression, or a compiled "
|
|
"code object, which will be evaluated in the restricted environment's :mod:"
|
|
"`__main__` module. The value of the expression or code object will be "
|
|
"returned."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:105
|
|
msgid ""
|
|
"*code* must either be a string containing one or more lines of Python code, "
|
|
"or a compiled code object, which will be executed in the restricted "
|
|
"environment's :mod:`__main__` module."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:112
|
|
msgid ""
|
|
"Execute the Python code contained in the file *filename* in the restricted "
|
|
"environment's :mod:`__main__` module."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:115
|
|
msgid ""
|
|
"Methods whose names begin with ``s_`` are similar to the functions beginning "
|
|
"with ``r_``, but the code will be granted access to restricted versions of "
|
|
"the standard I/O streams ``sys.stdin``, ``sys.stderr``, and ``sys.stdout``."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:122
|
|
msgid ""
|
|
"*code* must be a string containing a Python expression, which will be "
|
|
"evaluated in the restricted environment."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:128
|
|
msgid ""
|
|
"*code* must be a string containing one or more lines of Python code, which "
|
|
"will be executed in the restricted environment."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:134
|
|
msgid ""
|
|
"Execute the Python code contained in the file *filename* in the restricted "
|
|
"environment."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:137
|
|
msgid ""
|
|
":class:`RExec` objects must also support various methods which will be "
|
|
"implicitly called by code executing in the restricted environment. "
|
|
"Overriding these methods in a subclass is used to change the policies "
|
|
"enforced by a restricted environment."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:145 ../Doc/library/rexec.rst:174
|
|
msgid ""
|
|
"Import the module *modulename*, raising an :exc:`ImportError` exception if "
|
|
"the module is considered unsafe."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:151
|
|
msgid ""
|
|
"Method called when :func:`open` is called in the restricted environment. "
|
|
"The arguments are identical to those of :func:`open`, and a file object (or "
|
|
"a class instance compatible with file objects) should be returned. :class:"
|
|
"`RExec`'s default behaviour is allow opening any file for reading, but "
|
|
"forbidding any attempt to write a file. See the example below for an "
|
|
"implementation of a less restrictive :meth:`r_open`."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:161 ../Doc/library/rexec.rst:180
|
|
msgid "Reload the module object *module*, re-parsing and re-initializing it."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:166
|
|
msgid ""
|
|
"Unload the module object *module* (remove it from the restricted "
|
|
"environment's ``sys.modules`` dictionary)."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:169
|
|
msgid "And their equivalents with access to restricted standard I/O streams:"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:185
|
|
msgid "Unload the module object *module*."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:193
|
|
msgid "Defining restricted environments"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:195
|
|
msgid ""
|
|
"The :class:`RExec` class has the following class attributes, which are used "
|
|
"by the :meth:`__init__` method. Changing them on an existing instance won't "
|
|
"have any effect; instead, create a subclass of :class:`RExec` and assign "
|
|
"them new values in the class definition. Instances of the new class will "
|
|
"then use those new values. All these attributes are tuples of strings."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:204
|
|
msgid ""
|
|
"Contains the names of built-in functions which will *not* be available to "
|
|
"programs running in the restricted environment. The value for :class:"
|
|
"`RExec` is ``('open', 'reload', '__import__')``. (This gives the exceptions, "
|
|
"because by far the majority of built-in functions are harmless. A subclass "
|
|
"that wants to override this variable should probably start with the value "
|
|
"from the base class and concatenate additional forbidden functions --- when "
|
|
"new dangerous built-in functions are added to Python, they will also be "
|
|
"added to this module.)"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:215
|
|
msgid ""
|
|
"Contains the names of built-in modules which can be safely imported. The "
|
|
"value for :class:`RExec` is ``('audioop', 'array', 'binascii', 'cmath', "
|
|
"'errno', 'imageop', 'marshal', 'math', 'md5', 'operator', 'parser', 'regex', "
|
|
"'select', 'sha', '_sre', 'strop', 'struct', 'time')``. A similar remark "
|
|
"about overriding this variable applies --- use the value from the base class "
|
|
"as a starting point."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:224
|
|
msgid ""
|
|
"Contains the directories which will be searched when an :keyword:`import` is "
|
|
"performed in the restricted environment. The value for :class:`RExec` is "
|
|
"the same as ``sys.path`` (at the time the module is loaded) for unrestricted "
|
|
"code."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:231
|
|
msgid ""
|
|
"Contains the names of the functions in the :mod:`os` module which will be "
|
|
"available to programs running in the restricted environment. The value for :"
|
|
"class:`RExec` is ``('error', 'fstat', 'listdir', 'lstat', 'readlink', "
|
|
"'stat', 'times', 'uname', 'getpid', 'getppid', 'getcwd', 'getuid', 'getgid', "
|
|
"'geteuid', 'getegid')``."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:242
|
|
msgid ""
|
|
"Contains the names of the functions and variables in the :mod:`sys` module "
|
|
"which will be available to programs running in the restricted environment. "
|
|
"The value for :class:`RExec` is ``('ps1', 'ps2', 'copyright', 'version', "
|
|
"'platform', 'exit', 'maxint')``."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:250
|
|
msgid ""
|
|
"Contains the file types from which modules are allowed to be loaded. Each "
|
|
"file type is an integer constant defined in the :mod:`imp` module. The "
|
|
"meaningful values are :const:`PY_SOURCE`, :const:`PY_COMPILED`, and :const:"
|
|
"`C_EXTENSION`. The value for :class:`RExec` is ``(C_EXTENSION, "
|
|
"PY_SOURCE)``. Adding :const:`PY_COMPILED` in subclasses is not recommended; "
|
|
"an attacker could exit the restricted execution mode by putting a forged "
|
|
"byte-compiled file (:file:`.pyc`) anywhere in your file system, for example "
|
|
"by writing it to :file:`/tmp` or uploading it to the :file:`/incoming` "
|
|
"directory of your public FTP server."
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:262
|
|
msgid "An example"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:264
|
|
msgid ""
|
|
"Let us say that we want a slightly more relaxed policy than the standard :"
|
|
"class:`RExec` class. For example, if we're willing to allow files in :file:"
|
|
"`/tmp` to be written, we can subclass the :class:`RExec` class::"
|
|
msgstr ""
|
|
|
|
#: ../Doc/library/rexec.rst:282
|
|
msgid ""
|
|
"Notice that the above code will occasionally forbid a perfectly valid "
|
|
"filename; for example, code in the restricted environment won't be able to "
|
|
"open a file called :file:`/tmp/foo/../bar`. To fix this, the :meth:`r_open` "
|
|
"method would have to simplify the filename to :file:`/tmp/bar`, which would "
|
|
"require splitting apart the filename and performing various operations on "
|
|
"it. In cases where security is at stake, it may be preferable to write "
|
|
"simple code which is sometimes overly restrictive, instead of more general "
|
|
"code that is also more complex and may harbor a subtle security hole."
|
|
msgstr ""
|