Differences between revisions 7 and 17 (spanning 10 versions)
Revision 7 as of 2008-12-05 15:07:58
Size: 2018
Editor: hachoir
Comment:
Revision 17 as of 2019-12-15 07:15:55
Size: 2919
Editor: FrancesHocutt
Comment: Remove Py2 specific, dead links
Deletions are marked like this. Additions are marked like this.
Line 2: Line 2:

== tav's jail ==

http://tav.espians.com/a-challenge-to-break-python-security.html

 * Remove evil attributes like frame.f_globals or object.__subclasses__
 * Remove evil builtins like compile(), import() or reload()

== Zope security ==

http://svn.zope.org/zope.security/trunk/src/zope/security/

 * Sandboxing
 * Object proxies
Line 5: Line 19:
Nicole King (cats-muvva.net) wrote a taint mode for CPython 3.0: [[http://www.cats-muvva.net/software/|Python Taint Management]]. Nicole King at one point wrote a taint mode for CPython 3.0, but the site (http://www.cats-muvva.net/software/) is no longer functioning.
Line 14: Line 28:
See also the presentation: [[http://us.pycon.org/common/talkdata/PyCon2007/062/PyCon_2007.pdf|Securing Python: Controling the abilities of the interpreter]], PyCon US 2007, Brett Cannon and Eric Wohlstadter See also the presentation: [[http://us.pycon.org/common/talkdata/PyCon2007/062/PyCon_2007.pdf|Securing Python: Controlling the abilities of the interpreter]], PyCon US 2007, Brett Cannon and Eric Wohlstadter

Related issue: [[http://bugs.python.org/issue500698|Taint a la Perl?]].
Line 30: Line 46:
See PyPy project: [[http://codespeak.net/pypy/dist/pypy/doc/sandbox.html|PyPy's sandboxing features]].  * PyPy project: [[http://codespeak.net/pypy/dist/pypy/doc/sandbox.html|PyPy's sandboxing features]].
 * [[http://mail.python.org/pipermail/python-dev/2008-September/082475.html|CapPython]] is an object-capability subset of Python, inspired by Joe-E and Caja/Cajita, which are object-capability subsets of Java and Javascript respectively.
 * SandboxedPython
 * [[How can I run an untrusted Python script safely (i.e. Sandbox)]]
 * [[http://mail.python.org/pipermail/python-dev/2009-June/090038.html|CPython in the web browser under Native Client]]
Line 41: Line 61:
Victor Stinner wrote a fuzzer called [[http://fusil.hachoir.org/trac/|Fusil]] to test Python. It already helped to fix many bugs. fusil-python works on Python 2.4 .. 3.0. Victor Stinner wrote a fuzzer called [[https://github.com/clem1/segvault/tree/master/fusil|Fusil]] to test Python. It already helped to fix many bugs. fusil-python works on Python 2.4 .. 3.0.

Notes about Python Security.

tav's jail

http://tav.espians.com/a-challenge-to-break-python-security.html

  • Remove evil attributes like frame.f_globals or object.subclasses

  • Remove evil builtins like compile(), import() or reload()

Zope security

http://svn.zope.org/zope.security/trunk/src/zope/security/

  • Sandboxing
  • Object proxies

Taint mode

Nicole King at one point wrote a taint mode for CPython 3.0, but the site (http://www.cats-muvva.net/software/) is no longer functioning.

Problems:

  • amaury: The patch is indeed huge!

  • fijall: it seems that every function that returns a PyObject must be modified

  • fijall: need to patch (...) all places that might modify anything. (All side effects)

=> ncoghlan: PyPy is still a *much* better platform for that kind of experimentation than CPython

See also the presentation: Securing Python: Controlling the abilities of the interpreter, PyCon US 2007, Brett Cannon and Eric Wohlstadter

Related issue: Taint a la Perl?.

Python Security Response Team

Some members:

  • Brett Cannon

Email: security AT python.org

Controlling Access to Resources Within The Python Interpreter

Sandboxing

Unsafe modules

Fuzzing

Victor Stinner wrote a fuzzer called Fusil to test Python. It already helped to fix many bugs. fusil-python works on Python 2.4 .. 3.0.

Fusil was also used on PyPy (Finding Bugs in PyPy with a Fuzzer).

Security (last edited 2019-12-15 07:15:55 by FrancesHocutt)

Unable to edit the page? See the FrontPage for instructions.