[Python-checkins] r52372 - python/branches/bcannon-objcap/securing_python.txt
brett.cannon
python-checkins at python.org
Wed Oct 18 03:28:22 CEST 2006
Author: brett.cannon
Date: Wed Oct 18 03:28:20 2006
New Revision: 52372
Modified:
python/branches/bcannon-objcap/securing_python.txt
Log:
Add some notes about ways to protect import machinery from nefarious
introspection.
Modified: python/branches/bcannon-objcap/securing_python.txt
==============================================================================
--- python/branches/bcannon-objcap/securing_python.txt (original)
+++ python/branches/bcannon-objcap/securing_python.txt Wed Oct 18 03:28:20 2006
@@ -33,6 +33,17 @@
+ Do not inject full sys module.
+ Most likely will need to wrap built-in importer so as to
be able to effectively block access to sys.
+ * Could make __import__ self-contained such that 'sys' is not
+ directly referenced.
+ + Allows hiding sys.path by storing in the self-contained
+ object.
+ + Could expose other objects if desired.
+ + Could make it so that there is only exposure of certain
+ functions that allow removal from a whitelist but no
+ additions.
+ + Other things can be options that can only be turned off.
+ + Importers could be made like this with the one-way
+ narrowing of abilities.
- execfile()
* Force to go through open()
+ Prevents opening unauthorized files.
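Review bot: The new bullets under "Could make __import__ self-contained" leave the whitelist undefined: "removal from a whitelist but no additions" does not say what the entries are (module names, sys.path entries, or importers), and "Other things can be options that can only be turned off" names no options. Suggest stating what the whitelist holds and listing the options meant. The bullet "Allows hiding sys.path by storing in the self-contained object" also does not say how that stored state is kept out of reach of introspection on the object itself, which is the concern the log message raises, so a line on that would help. "Could expose other objects if desired" reads as the opposite of the one-way narrowing in the following bullets and could use a qualifier on what may be exposed.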