A long time ago, I tried to extend Python to support capabilities. It didn’t work out well – it turns out that the Python interpreter isn’t well suited: by the time Python has been compiled, it has lost too much information to enforce the confinement required by capabilities. Also, it seems the Python developers aren’t really interested in capabilities (nor all that interested in security, it seems, since the restricted execution mode is not maintained).
Anyway, much later I realised that modifying the interpreter wasn’t the way to go – what’s much better is to compile a modified version of the language into the standard language – that way proves to be much easier.
So, I did this for Perl, on the basis that if you can secure Perl you can surely secure anything. I’ve given a couple of talks about it, but so far haven’t released any code. I finally got off my arse and did the first release. Very poorly documented, I’m afraid, but there is at least a mailing list!
You can find CaPerl here.