Notes about Python Security.
Remove evil attributes like frame.f_globals or object.subclasses
- Remove evil builtins like compile(), import() or reload()
- Object proxies
Nicole King at one point wrote a taint mode for CPython 3.0, but the site (http://www.cats-muvva.net/software/) is no longer functioning.
amaury: The patch is indeed huge!
fijall: it seems that every function that returns a PyObject must be modified
fijall: need to patch (...) all places that might modify anything. (All side effects)
=> ncoghlan: PyPy is still a *much* better platform for that kind of experimentation than CPython
See also the presentation: Securing Python: Controlling the abilities of the interpreter, PyCon US 2007, Brett Cannon and Eric Wohlstadter
Related issue: Taint a la Perl?.
Python Security Response Team
- Brett Cannon
Email: security AT python.org
Controlling Access to Resources Within The Python Interpreter
Paper: Controlling Access to Resources Within The Python Interpreter, Brett Cannon and Eric Wohlstadter, University of British Columbia
- os.kill(), os.chown(), os.unlink(), ...
- imageop: many bugs
Victor Stinner wrote a fuzzer called Fusil to test Python. It already helped to fix many bugs. fusil-python works on Python 2.4 .. 3.0.