This issue tracker has been migrated to GitHub, and is currently read-only. For more information, see the GitHub FAQs in the Python Developer's Guide.
Created on 2002-01-08 02:48 by sketerpot, last changed 2022-04-10 16:04 by admin. This issue is now closed.
Files

| File name | Uploaded | Description |
|---|---|---|
| taintstring.py | sketerpot, 2003-02-14 17:21 | Untested TaintString class |
Messages (9)

msg53424 - Author: Peter Scott (sketerpot) - Date: 2002-01-08 02:48

This might just add unnecessary bloat, but since Python is being used in CGI scripts, it can be used to narrow a security hole. One way of breaking security is for a naive programmer (don't try to deny their existence) to run an arbitrary command from the page viewer. Perl has developed an interesting mechanism for helping with this: taint. The way it works is, when something comes directly from the user, like a key in a form, it is considered to have taint unless specifically untainted. Things like os.exec() would create a warning message if you passed tainted strings to them. As I said, this might just add unnecessary bloat, but for an option that can be left out for most builds of Python I think it would be pretty nice.

msg53425 - Author: Neal McBurnett (nealmcb) - Date: 2003-01-02 21:20

I really like taint mode. I think this would make Python a better choice for CGI scripts. See http://www.perldoc.com/perl5.8.0/pod/perlsec.html and http://gunther.web66.com/FAQS/taintmode.html for more background.

msg53426 - Author: Skip Montanaro (skip.montanaro) * (Python triager) - Date: 2003-01-03 01:25

Took a while for a response to this feature request. ;-) Perl's heavy integration of regular expressions with its taint facility probably wouldn't work all that well in Python. For one, Python has more ways of searching strings than with regular expressions. Second, regular expressions are not nearly as tightly wound into Python as they are in Perl. I think you'd have to add a taint attribute to strings and just rely on the programmer to properly clear that attribute. I think a first cut at an implementation would go much further toward getting the concept seriously considered for addition to Python.

msg53427 - Author: paul rubin (phr) - Date: 2003-02-14 04:47

With new-style classes, maybe this can be done by subclassing string somehow. There would be a subclass for tainted strings and trying to do most things with them would raise an exception. With taint checking enabled, functions like os.getenv and cgi.FieldStorage would make objects containing tainted strings. You'd untaint them by passing them to re.search or re.match and pulling out the match variables, like in Perl.

msg53428 - Author: Peter Scott (sketerpot) - Date: 2003-02-14 17:21

Thanks for the idea, phr. I wrote a small class called TaintString, derived from string, that has a taint attribute. This is probably the least difficult part. The difficult part will be in modifying functions like os.system() to raise warnings or exceptions when tainted strings are passed to them. I'm currently thinking of making wrapper modules with names like taint.os, or taint.cgi, but the problem with this is that you have to manually use taint.* for certain functions. If anybody can think of something that can simplify this, please post it.

msg53429 - Author: Johann C. Rocholl (jcrocholl) - Date: 2007-02-05 21:55

I have come up with a class called SafeString which is the opposite of a tainted string. In my model, all strings are tainted by default, and you have to call untaint() to create a SafeString. Then I replace all functions in the os module with wrapper functions that check all parameters first and raise TaintError if any string is not safe. If I can figure out how to attach a file here, I will post it. Otherwise you may find it on comp.lang.python by the name of taint.py.

msg53430 - Author: Johann C. Rocholl (jcrocholl) - Date: 2007-02-06 10:51

http://svn.rocholl.net/taint/trunk/taint.py

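The model that msg53427, msg53428 and msg53429 converge on (a str subclass that carries taint, untainting only by extracting a regex match as in Perl, and wrapped os functions that raise TaintError), worked through below as an added example. This is not the thread's taintstring.py or taint.py and not CPython code; every name in it (Tainted, TaintError, untaint, reject_tainted, run_command, handle_request, parse_form) is this example's own, and the query strings are constructed input. It also shows the two escape hatches skip.montanaro's "rely on the programmer" remark implies: str() and f-strings produce plain strings, so taint is lost unless every string-building path is covered.

```python
"""Taint tracking for untrusted strings, as sketched in this thread (added example)."""
import os
import re
from functools import wraps
from urllib.parse import parse_qs


class TaintError(ValueError):
    """A tainted string reached a guarded sink, or failed its untaint pattern."""


class Tainted(str):
    """A str that originated in untrusted input (e.g. a form field)."""
    __slots__ = ()

    def __radd__(self, other):
        # "prefix" + tainted: str has no __radd__, so Python tries this one
        # first and the concatenation keeps its taint.
        return Tainted(str.__add__(other, self))


def _retaint(name):
    """Wrap a str method so that a str result comes back as Tainted."""
    base = getattr(str, name)

    def method(self, *args, **kwargs):
        result = base(self, *args, **kwargs)
        return Tainted(result) if isinstance(result, str) else result
    return method


# Operations a CGI script typically uses to build a command from user input. Anything
# not listed (notably str(), f-strings and joining through a plain str) yields a plain
# str and silently drops the taint: the "rely on the programmer" point skip makes above.
for _name in ("__add__", "__mod__", "__mul__", "__getitem__", "format", "join",
              "replace", "strip", "lstrip", "rstrip", "upper", "lower"):
    setattr(Tainted, _name, _retaint(_name))


def is_tainted(value):
    return isinstance(value, Tainted)


def untaint(value, pattern):
    """Return value as a plain str if it fully matches the allowlist pattern.

    Untainting through a permissive pattern such as r".*" defeats the scheme.
    """
    match = re.fullmatch(pattern, value)
    if match is None:
        raise TaintError("input %r does not match allowed pattern %r" % (value, pattern))
    return str(match.group(0))  # str() of a str subclass gives a plain str


def reject_tainted(func):
    """Wrap a sink so that any Tainted argument (or list/tuple item) raises."""
    @wraps(func)
    def guarded(*args, **kwargs):
        for value in (*args, *kwargs.values()):
            items = value if isinstance(value, (list, tuple)) else (value,)
            if any(is_tainted(item) for item in items):
                raise TaintError("tainted value passed to %s: %r" % (func.__name__, value))
        return func(*args, **kwargs)
    return guarded


# A real sink wrapped the way a taint.os module would expose it (never invoked here).
system = reject_tainted(os.system)


@reject_tainted
def run_command(argv):
    """Stand-in sink for the demo: returns the argv it would have executed."""
    return list(argv)


def parse_form(query_string):
    """Parse a query string as a CGI script would, tainting every value."""
    return {key: [Tainted(v) for v in values]
            for key, values in parse_qs(query_string, keep_blank_values=True).items()}


def handle_request(query_string, validate):
    """Naive handler listing the requested directory with `ls -l <dir>`."""
    # With validate=False the tainted field reaches the sink and is rejected even
    # when harmless (taint tracks provenance, not content).
    directory = parse_form(query_string)["dir"][0]
    if validate:
        directory = untaint(directory, r"[A-Za-z0-9_.-]+")
    return run_command(["ls", "-l", directory])


def rejected(func, *args, **kwargs):
    """True if the call is refused with TaintError (handy when demonstrating)."""
    try:
        func(*args, **kwargs)
    except TaintError:
        return True
    return False
```

With this in place, handle_request("dir=public", validate=False) is refused although "public" is harmless, handle_request("dir=%3Brm+-rf+%2F", validate=True) is refused because ";rm -rf /" fails the allowlist, and only a validated value reaches the sink. The weakness sketerpot raises in msg53428 remains: the guard only helps where the programmer calls the wrapped sink, and any path that rebuilds the string through str() or an f-string hands a plain, untainted str to whatever comes next.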
msg81499 - Author: Daniel Diniz (ajaksu2) * (Python triager) - Date: 2009-02-09 21:49

On http://mail.python.org/pipermail/python-dev/2008-November/083732.html Nicole King wrote:

"""
I found I needed support for taint mode in python and have done some work to realise this. It's by no means complete at this time, but I'm floating this idea on this group to see how much interest there is. The implementation is pretty simple:

- an extra field in PyObject to maintain the taint status
- a couple of extra functions __gettaint__() that returns the taint status and __settaint__(value) that sets the taint value, returning the previous status
- an additional command-line flag -a and environment variable PYTHONIGNORETAINT that suppress taint checking
- a few macros defined in Objects/object.h to support taint management
- a new built-in exception, PyExc_TaintError, for reporting operations on tainted objects
"""

More information and download: http://www.cats-muvva.net/software/

msg85551 - Author: Georg Brandl (georg.brandl) * (Python committer) - Date: 2009-04-05 18:43

This is too vague and too large an issue to be tracked by an RFE issue. Concrete proposals and implementations must go through the PEP process.

History

| Date | User | Action | Args |
|---|---|---|---|
| 2022-04-10 16:04:51 | admin | set | github: 35883 |
| 2009-04-05 18:43:52 | georg.brandl | set | status: open -> closed; nosy: + georg.brandl; messages: + msg85551; resolution: rejected |
| 2009-02-09 21:49:39 | ajaksu2 | set | nosy: + ajaksu2; messages: + msg81499; versions: + Python 3.1, Python 2.7 |
| 2002-01-08 02:48:18 | sketerpot | create | |