Differences between revisions 15 and 16
Revision 15 as of 2009-09-13 05:56:06
Size: 1220
Editor: 94
Comment: 40.14
Revision 16 as of 2009-09-14 09:54:15
Size: 3100
Editor: PaulBoddie
Comment: Revert spam.
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
quality, community noise, local air quality, and climate change, and how these impacts, [[http://projects.dorkbot.org/rd04/wiki/airline-to-thailand-365|airline to thailand]]at between $5 billion and $10 billion in the USA alone Morrison et al., 1999; GAO,, 956, [[http://www.sulug.sun.ac.za/cgi-bin/moin.cgi/united-airfare-362|united airfare]]noise restrictions and distribute funding for mitigation (typically sound insulation for, lwo, [[http://radiowiki.teknusi.org/airline-to-malaysia-87|airline to malaysia]]noise compatibility programs (Pub. L. 96 - 193)., 62387, [[http://wiki.ubuntu-fi.org/airline-fare-sales-31|airline fare sales]]The FAA also bears the responsibility for setting and enforcing aviation noise standards, 8P, [[http://isabel.dit.upm.es/isamoin/cheap-flight-comparison-282|cheap flight comparison]]the interdependencies between noise and emissions. Aircraft designed to meet stringent, 0195, [[http://miya.pe.kr/wiki/netherlands-airline-192|netherlands airline]]been awarded the Franz Edelman 2nd Prize for Achievement in Operations and the Man-, obmoj, [[http://isabel.dit.upm.es/isamoin/discount-on-airfare-107|discount on airfare]]are trade secrets., 425444,
----
[[CategoryPyGUI]]
Notes about Python Security.

== tav's jail ==

http://tav.espians.com/a-challenge-to-break-python-security.html

 * Remove evil attributes like frame.f_globals or object.__subclasses__
 * Remove evil builtins like compile(), import() or reload()

== Zope security ==

http://svn.zope.org/zope.security/trunk/src/zope/security/

 * Sandboxing
 * Object proxies

== Taint mode ==

Nicole King (cats-muvva.net) wrote a taint mode for CPython 3.0: [[http://www.cats-muvva.net/software/|Python Taint Management]].

Problems:
 * amaury: ''The patch is indeed huge!''
 * fijall: ''it seems that every function that returns a PyObject must be modified''
 * fijall: ''need to patch (...) all places that might modify anything. (All side effects)''

=> ncoghlan: ''PyPy is still a *much* better platform for that kind of experimentation than CPython''

See also the presentation: [[http://us.pycon.org/common/talkdata/PyCon2007/062/PyCon_2007.pdf|Securing Python: Controling the abilities of the interpreter]], PyCon US 2007, Brett Cannon and Eric Wohlstadter

Related issue: [[http://bugs.python.org/issue500698|Taint a la Perl?]].

== Python Security Response Team ==

Some members:
 * Brett Cannon

Email: security AT python.org

== Controlling Access to Resources Within The Python Interpreter ==

 * URL: [[http://sayspy.blogspot.com/2007/04/python-security-paper-online.html|Python security paper online]]
 * Paper: [[http://www.cs.ubc.ca/~drifty/papers/python_security.pdf|Controlling Access to Resources Within The Python Interpreter]], Brett Cannon and Eric Wohlstadter, University of British Columbia

== Sandboxing ==

 * PyPy project: [[http://codespeak.net/pypy/dist/pypy/doc/sandbox.html|PyPy's sandboxing features]].
 * [[http://mail.python.org/pipermail/python-dev/2008-September/082475.html|CapPython]] is an object-capability subset of Python, inspired by Joe-E and Caja/Cajita, which are object-capability subsets of Java and Javascript respectively.
 * SandboxedPython
 * [[How can I run an untrusted Python script safely (i.e. Sandbox)]]
 * [[http://mail.python.org/pipermail/python-dev/2009-June/090038.html|CPython in the web browser under Native Client]]

== Unsafe modules ==

 * os.kill(), os.chown(), os.unlink(), ...
 * imageop: many bugs
   * [[http://bugs.python.org/issue1179|CVE-2007-4965: Integer overflow in imageop module]] (2007-09 .. 2008-08)
   * [[http://bugs.python.org/issue4317|Buffer overflow in imageop module]] (rgb2rgb8): fixed in Python 2.6.1 and Python 3.0

== Restricted ==

 * Deprecated (disabled?) since Python 2.3
 * http://docs.python.org/library/restricted.html
 * http://docs.python.org/library/rexec.html
 * http://docs.python.org/library/bastion.html

== Fuzzing ==

Victor Stinner wrote a fuzzer called [[http://fusil.hachoir.org/trac/|Fusil]] to test Python. It already helped to fix many bugs. fusil-python works on Python 2.4 .. 3.0.

Fusil was also used on PyPy ([[http://morepypy.blogspot.com/2008/07/finding-bugs-in-pypy-with-fuz.html|Finding Bugs in PyPy with a Fuzzer]]).

Notes about Python Security.

tav's jail

http://tav.espians.com/a-challenge-to-break-python-security.html

  • Remove evil attributes like frame.f_globals or object.subclasses

  • Remove evil builtins like compile(), import() or reload()

Zope security

http://svn.zope.org/zope.security/trunk/src/zope/security/

  • Sandboxing
  • Object proxies

Taint mode

Nicole King (cats-muvva.net) wrote a taint mode for CPython 3.0: Python Taint Management.

Problems:

  • amaury: The patch is indeed huge!

  • fijall: it seems that every function that returns a PyObject must be modified

  • fijall: need to patch (...) all places that might modify anything. (All side effects)

=> ncoghlan: PyPy is still a *much* better platform for that kind of experimentation than CPython

See also the presentation: Securing Python: Controling the abilities of the interpreter, PyCon US 2007, Brett Cannon and Eric Wohlstadter

Related issue: Taint a la Perl?.

Python Security Response Team

Some members:

  • Brett Cannon

Email: security AT python.org

Controlling Access to Resources Within The Python Interpreter

Sandboxing

Unsafe modules

Restricted

Fuzzing

Victor Stinner wrote a fuzzer called Fusil to test Python. It already helped to fix many bugs. fusil-python works on Python 2.4 .. 3.0.

Fusil was also used on PyPy (Finding Bugs in PyPy with a Fuzzer).

Security (last edited 2009-09-14 09:54:15 by PaulBoddie)

Unable to edit the page? See the FrontPage for instructions.