[Python-checkins] r51755 - python/branches/bcannon-objcap/securing_python.txt

brett.cannon python-checkins at python.org
Tue Sep 5 23:56:43 CEST 2006


Author: brett.cannon
Date: Tue Sep 5 23:56:41 2006
New Revision: 51755
Modified:
 python/branches/bcannon-objcap/securing_python.txt
Log:
Add more things to look into in terms of possible security issues.
Also add some notes on what in 'sys' might or might not be safe.
Modified: python/branches/bcannon-objcap/securing_python.txt
==============================================================================
--- python/branches/bcannon-objcap/securing_python.txt	(original)
+++ python/branches/bcannon-objcap/securing_python.txt	Tue Sep 5 23:56:41 2006
@@ -4,8 +4,7 @@
 Status
 ///////////////////////////////////////
 
-+ Remove object.__subclasses__ (`Mutable Shared State`_) [done]
-+ Dangerous constructors (`Constructors`_)
++ Dangerous types (`Constructors`_)
 - file
 * Create PyFile_Init() from file_init() [done]
 * Switch current C-level uses of 'file' constructor to
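Review bot: the renamed item "Dangerous types" still links to `Constructors`_; if the corresponding section heading is renamed to match, the reST target silently breaks, so either leave the heading as "Constructors" or rename heading and reference in the same change. The dropped "Remove object.__subclasses__ [done]" line reappears below under the object() entry, which reads as the intended move rather than a loss.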
@@ -26,11 +25,24 @@
 built-in objects.
 - code [done]
 * Add objcap.code_new() function [done]
- - ??? <go through Objects/*>
+ - frame
+ * do not allow importing 'sys' module to get to
+ sys._getframe() or sys._current_frames().
 + Sandboxed versions of built-ins (`Sanitizing Built-In Types`_)
 - open()
 - __import__() / PEP 302 importer (`Imports`_)
- - ??? <go through built-ins>
+ - compile() (?)
+ - eval() (?)
+ - execfile()
+ - exit() (XXX verify if it kills the interpreter or the process;
+ should also check raising SystemExit)
+ - input() / raw_input() (XXX make sure it gets its stdin from sys.stdin
+ and not sys.__stdin__)
+ - type() (?)
+ - object()
+ * Remove object.__subclasses__ (`Mutable Shared State`_) [done]
+ * XXX
+ - globals() / vars() (?)
 + Filesystem path hiding (`Filesystem Information`_)
 + Tweaked stdlib modules
 - mini 'sys' module (`Making the ``sys`` Module Safe`_)
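Review bot: the new frame item only covers reaching frames through sys._getframe() and sys._current_frames(); frame objects are also exposed by traceback objects (tb_frame) and by generators (gi_frame), so the item should either be broadened to "frame objects, however obtained" or cross-reference the exc_info()/last_traceback entries in the sys section so the design records how those paths are handled. The bare "* XXX" sub-item under object() carries no description; note what still needs checking or drop it, since an unexplained placeholder is easy to lose before release.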
@@ -598,7 +610,7 @@
 that will create a faked sys module that has the safe values copied
 into it?
 
-The safe information values are:
+The safe attributes are:
 
 * builtin_module_names
 Information about what might be blocked from importation.
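Review bot: with the list retitled "safe attributes", the builtin_module_names entry needs a sentence saying why disclosing the set of compiled-in modules is acceptable; the current description ("what might be blocked from importation") reads as a reason for concern rather than a justification, so the reasoning should be stated explicitly.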
@@ -611,8 +623,8 @@
 * __displayhook__ (?)
 * __excepthook__ (?)
 * exc_info() (?)
-* exc_clear()
-* exit()
+* exc_clear() (XXX double-check exceptions unique to each interpreter)
+* exit() (XXX make sure only exits interpreter and not process)
 * exitfunc
 * getcheckinterval()
 Returns an int.
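Review bot: the exit() annotation duplicates the check already added in the Status section ("verify if it kills the interpreter or the process; should also check raising SystemExit"); consolidate into one entry, and note here that sys.exit() is implemented by raising SystemExit, so whatever policy is decided for a sandboxed SystemExit decides this item as well.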
@@ -624,8 +636,9 @@
 Returns an int about the interpreter.
 * hexversion
 Set to an int about the interpreter.
-* last_type
-* last_value
+* last_type (XXX make sure doesn't return value from creating
+ interpreter) 
+* last_value (XXX see last_type worry)
 * last_traceback (?)
 * maxint
 Set to an int that exposes ambiguous information about the
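Review bot: last_type and last_value receive an XXX about leaking values from the creating interpreter, but last_traceback is left at "(?)" with no matching worry even though a traceback object reaches frames and their globals, which is the more sensitive of the three; give it at least the same XXX. Also trim the trailing whitespace on the "interpreter) " continuation line.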

