On Sat, Sep 27, 2008 at 8:54 AM, Victor Stinner <victor.stinner@haypocalc.com> wrote:
> Hi,
> I would like to know if a Python security team does exist. I sent an email about an imageop issue, and I didn't get any answer. Later I learned that a security ticket was created, I don't have access to it.
Yes, the PSRT (Python Security Response Team) does exist. We did get your email; sorry we didn't respond. There are very few members on that list and most of them are extremely busy. Responding to your email just slipped through the cracks. I believe Benjamin was the last person to work on your submitted patch.
> First, I would like to access this information. Not only this issue, but all security related issues. I have some knowledge about security and I can help to resolve issues and/or estimate the criticality of an issue.
That would require commit privileges first. Don't know if the group requires that a person have a decent amount of time committing to the core first (I just joined the list in late July).
> Second, I would like to help to fix all Python security issues. It looks like the Python community isn't very reactive (proactive?) about security. E.g. a DoS was reported in the smtpd server (integrated into Python)... 15 months ago. A patch is available but it's not applied in Python trunk.
Historically we have not been proactive. No one on the core team (that I know of) would claim they are a security expert. And with Python not making any claims to being secure, we just don't worry about DoS stuff, etc.; only the severe buffer overflow attacks that get reported and such typically get immediate attention. Considering we have a Crashers directory in the test suite I think that shows we are not stressed over plugging every potential crash (although we obviously would like to).
> Third, I'm also looking for a document explaining "how Python is secure" (!). If a user can run arbitrary Python code, we know that it can do anything (read/remove any file, create/kill any process, read/write anywhere in memory, etc.). Brett wrote a paper about CPython sandboxing. PyPy is also working on sandboxing using two interpreters: one has high privilege and executes instructions from the second interpreter (after checking the permissions and arguments). So is there somewhere a document to explain the current status of Python security?
Nope. I think my paper and blog posts are about the best you are going to find since we removed Bastion/rexec. Basically the philosophy has been "fix privilege escalation stuff immediately, fix crashers when the fix is simple or someone has the time to fix the complicated ones". Or at least that is the philosophy I personally have followed.

-Brett