Security

Legacy Wiki Page

This page was migrated from the old MoinMoin-based wiki. Information may be outdated or no longer applicable. For current documentation, see python.org.

Notes about Python Security.

tav’s jail

http://tav.espians.com/a-challenge-to-break-python-security.html

  • Remove evil attributes like frame.f_globals or object.[subclasses]

  • Remove evil builtins like compile(), import() or reload()

Zope security

http://svn.zope.org/zope.security/trunk/src/zope/security/

  • Sandboxing

  • Object proxies

Taint mode

Nicole King at one point wrote a taint mode for CPython 3.0, but the site (http://www.cats-muvva.net/software/) is no longer functioning.

Problems:

  • amaury: The patch is indeed huge!

  • fijall: it seems that every function that returns a PyObject must be modified

  • fijall: need to patch (…) all places that might modify anything. (All side effects)

=> ncoghlan: PyPy is still a *much* better platform for that kind of experimentation than CPython

See also the presentation: Securing Python: Controlling the abilities of the interpreter, PyCon US 2007, Brett Cannon and Eric Wohlstadter

Related issue: Taint a la Perl?.

Python Security Response Team

Some members:

  • Brett Cannon

Email: security AT python.org

Controlling Access to Resources Within The Python Interpreter

Sandboxing

Unsafe modules

Fuzzing

Victor Stinner wrote a fuzzer called Fusil to test Python. It already helped to fix many bugs. fusil-python works on Python 2.4 .. 3.0.

Fusil was also used on PyPy (Finding Bugs in PyPy with a Fuzzer).