Differences between revisions 13 and 14
Revision 13 as of 2009-03-19 15:33:21
Size: 2979
Editor: PaulBoddie
Comment: Added sandbox links.
Revision 14 as of 2009-06-14 20:38:34
Size: 3100
Editor: PaulBoddie
Comment: Added Native Client reference.
Deletions are marked like this. Additions are marked like this.
Line 50: Line 50:
 * [[http://mail.python.org/pipermail/python-dev/2009-June/090038.html|CPython in the web browser under Native Client]]

Notes about Python Security.

tav's jail


  • Remove evil attributes like frame.f_globals or object.subclasses

  • Remove evil builtins like compile(), import() or reload()

Zope security


  • Sandboxing
  • Object proxies

Taint mode

Nicole King (cats-muvva.net) wrote a taint mode for CPython 3.0: Python Taint Management.


  • amaury: The patch is indeed huge!

  • fijall: it seems that every function that returns a PyObject must be modified

  • fijall: need to patch (...) all places that might modify anything. (All side effects)

=> ncoghlan: PyPy is still a *much* better platform for that kind of experimentation than CPython

See also the presentation: Securing Python: Controling the abilities of the interpreter, PyCon US 2007, Brett Cannon and Eric Wohlstadter

Related issue: Taint a la Perl?.

Python Security Response Team

Some members:

  • Brett Cannon

Email: security AT python.org

Controlling Access to Resources Within The Python Interpreter


Unsafe modules



Victor Stinner wrote a fuzzer called Fusil to test Python. It already helped to fix many bugs. fusil-python works on Python 2.4 .. 3.0.

Fusil was also used on PyPy (Finding Bugs in PyPy with a Fuzzer).

Security (last edited 2009-09-14 09:54:15 by PaulBoddie)

Unable to edit the page? See the FrontPage for instructions.