=======
Purpose
=======

Attempt to develop some form of security model for Python.

==================
Build instructions
==================

1. Build Python as normal (``./configure``, ``make -s``; DO NOT run
   ``make install`` as I don't know if the symlinks for importlib will
   install the files properly).
2. Run ``build_secure_py.sh`` to build ``secure_python.exe``.

=======
Testing
=======

Execute ``run_security_tests.py`` with ``secure_python.exe`` to run the
security tests. Do not expect the normal tests to pass, as critical modules
might be blocked from being imported.

=============
Failing Tests
=============

* Lib/tests/test_xmlrpc.py

  + Fails with insecure Python.
  + Requires ``sys.setdefaultencoding()``, which is deleted by ``site.py``.
  + ``reload(sys)`` normally adds it back, but the hack to do a fresh import
    of ``sys`` is somehow preventing that from happening.
  + ``reload()`` is going away in Python 3.0.

=====
To Do
=====

Nothing.

==========
References
==========

* securing_python.txt
* http://docs.google.com/Doc?id=dg7fctr4_4d8tdbq
* http://www.cs.ubc.ca/~drifty/papers/python_security.pdf