Differences between revisions 14 and 15
Revision 14 as of 2009-06-14 20:38:34
Size: 3100
Editor: PaulBoddie
Comment: Added Native Client reference.
Revision 15 as of 2009-09-13 05:56:06
Size: 1220
Editor: 94
Comment: 40.14
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
Notes about Python Security.

== tav's jail ==

http://tav.espians.com/a-challenge-to-break-python-security.html

 * Remove evil attributes like frame.f_globals or object.__subclasses__
 * Remove evil builtins like compile(), import() or reload()

== Zope security ==

http://svn.zope.org/zope.security/trunk/src/zope/security/

 * Sandboxing
 * Object proxies

== Taint mode ==

Nicole King (cats-muvva.net) wrote a taint mode for CPython 3.0: [[http://www.cats-muvva.net/software/|Python Taint Management]].

Problems:
 * amaury: ''The patch is indeed huge!''
 * fijall: ''it seems that every function that returns a PyObject must be modified''
 * fijall: ''need to patch (...) all places that might modify anything. (All side effects)''

=> ncoghlan: ''PyPy is still a *much* better platform for that kind of experimentation than CPython''

See also the presentation: [[http://us.pycon.org/common/talkdata/PyCon2007/062/PyCon_2007.pdf|Securing Python: Controling the abilities of the interpreter]], PyCon US 2007, Brett Cannon and Eric Wohlstadter

Related issue: [[http://bugs.python.org/issue500698|Taint a la Perl?]].

== Python Security Response Team ==

Some members:
 * Brett Cannon

Email: security AT python.org

== Controlling Access to Resources Within The Python Interpreter ==

 * URL: [[http://sayspy.blogspot.com/2007/04/python-security-paper-online.html|Python security paper online]]
 * Paper: [[http://www.cs.ubc.ca/~drifty/papers/python_security.pdf|Controlling Access to Resources Within The Python Interpreter]], Brett Cannon and Eric Wohlstadter, University of British Columbia

== Sandboxing ==

 * PyPy project: [[http://codespeak.net/pypy/dist/pypy/doc/sandbox.html|PyPy's sandboxing features]].
 * [[http://mail.python.org/pipermail/python-dev/2008-September/082475.html|CapPython]] is an object-capability subset of Python, inspired by Joe-E and Caja/Cajita, which are object-capability subsets of Java and Javascript respectively.
 * SandboxedPython
 * [[How can I run an untrusted Python script safely (i.e. Sandbox)]]
 * [[http://mail.python.org/pipermail/python-dev/2009-June/090038.html|CPython in the web browser under Native Client]]

== Unsafe modules ==

 * os.kill(), os.chown(), os.unlink(), ...
 * imageop: many bugs
   * [[http://bugs.python.org/issue1179|CVE-2007-4965: Integer overflow in imageop module]] (2007-09 .. 2008-08)
   * [[http://bugs.python.org/issue4317|Buffer overflow in imageop module]] (rgb2rgb8): fixed in Python 2.6.1 and Python 3.0

== Restricted ==

 * Deprecated (disabled?) since Python 2.3
 * http://docs.python.org/library/restricted.html
 * http://docs.python.org/library/rexec.html
 * http://docs.python.org/library/bastion.html

== Fuzzing ==

Victor Stinner wrote a fuzzer called [[http://fusil.hachoir.org/trac/|Fusil]] to test Python. It already helped to fix many bugs. fusil-python works on Python 2.4 .. 3.0.

Fusil was also used on PyPy ([[http://morepypy.blogspot.com/2008/07/finding-bugs-in-pypy-with-fuz.html|Finding Bugs in PyPy with a Fuzzer]]).
quality, community noise, local air quality, and climate change, and how these impacts, [[http://projects.dorkbot.org/rd04/wiki/airline-to-thailand-365|airline to thailand]]at between $5 billion and $10 billion in the USA alone Morrison et al., 1999; GAO,, 956, [[http://www.sulug.sun.ac.za/cgi-bin/moin.cgi/united-airfare-362|united airfare]]noise restrictions and distribute funding for mitigation (typically sound insulation for, lwo, [[http://radiowiki.teknusi.org/airline-to-malaysia-87|airline to malaysia]]noise compatibility programs (Pub. L. 96 - 193)., 62387, [[http://wiki.ubuntu-fi.org/airline-fare-sales-31|airline fare sales]]The FAA also bears the responsibility for setting and enforcing aviation noise standards, 8P, [[http://isabel.dit.upm.es/isamoin/cheap-flight-comparison-282|cheap flight comparison]]the interdependencies between noise and emissions. Aircraft designed to meet stringent, 0195, [[http://miya.pe.kr/wiki/netherlands-airline-192|netherlands airline]]been awarded the Franz Edelman 2nd Prize for Achievement in Operations and the Man-, obmoj, [[http://isabel.dit.upm.es/isamoin/discount-on-airfare-107|discount on airfare]]are trade secrets., 425444,
----
[[CategoryPyGUI]]

quality, community noise, local air quality, and climate change, and how these impacts, airline to thailandat between $5 billion and $10 billion in the USA alone Morrison et al., 1999; GAO,, 956, united airfarenoise restrictions and distribute funding for mitigation (typically sound insulation for, lwo, airline to malaysianoise compatibility programs (Pub. L. 96 - 193)., 62387, airline fare salesThe FAA also bears the responsibility for setting and enforcing aviation noise standards, 8P, cheap flight comparisonthe interdependencies between noise and emissions. Aircraft designed to meet stringent, 0195, netherlands airlinebeen awarded the Franz Edelman 2nd Prize for Achievement in Operations and the Man-, obmoj, discount on airfareare trade secrets., 425444,


CategoryPyGUI

Security (last edited 2009-09-14 09:54:15 by PaulBoddie)

Unable to edit the page? See the FrontPage for instructions.