On 15Apr2019 1344, Christian Heimes wrote:
(memory dump before I go to bed)
Steve Grubb from Red Hat security pointed me to some interesting things. For instance there is some work on a new O_MAYEXEC flag for open(). Steve came to conclusions similar to ours, e.g. streaming code from stdin is insecure.
Thanks for the pointer! Using this for open_code() by default on platforms that support it might be a good opportunity in the future. But I'm glad I'm not the only one who thinks this is the right approach :)
I think it would also be beneficial to have auditing events for the import system to track when sys.path or import loaders are changed.
Already in there (kind of... the "import" events include the contents of the sys properties that are about to be used to resolve it - since these are plain-old lists, and can be easily reassigned, passing them through here allows you to add a check if you really want it but otherwise not pay the cost of replacing the sys module with a special implementation and its attributes with special lists).
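
Added illustration, not part of the original message or of CPython's own code: an audit hook that uses the `sys.path`, `sys.meta_path` and `sys.path_hooks` values passed with the "import" event to report when they change between imports. The class and function names and the sample values are assumptions made for this example.

```python
import sys

FIELDS = ("sys.path", "sys.meta_path", "sys.path_hooks")


class ImportStateMonitor:
    """Audit hook: report changes to import-resolution state between imports."""

    def __init__(self):
        self.last = None      # snapshot taken at the previous "import" event
        self.findings = []    # (module, field, added, removed)

    def __call__(self, event, args):
        if event != "import":
            return            # stay cheap: the hook sees every audit event
        # "import" arguments: module, filename, sys.path, sys.meta_path,
        # sys.path_hooks (any of the last three may be None).
        module, _filename, *state = args
        # Copy into tuples so both reassignment and in-place mutation show up.
        snap = {f: tuple(x if isinstance(x, str) else repr(x) for x in (v or ()))
                for f, v in zip(FIELDS, state)}
        if self.last is not None:
            for field in FIELDS:
                old, new = self.last[field], snap[field]
                if old != new:
                    added = [e for e in new if e not in old]
                    removed = [e for e in old if e not in new]
                    self.findings.append((module, field, added, removed))
        self.last = snap


def install(monitor):
    """Register the monitor; audit hooks cannot be removed once added."""
    sys.addaudithook(monitor)
    return monitor


def demo():
    """Feed constructed events to the hook directly (no hook is installed)."""
    mon = ImportStateMonitor()
    path = ["/usr/lib/python3.8"]                 # constructed sample values
    meta, hooks = ["<finder A>"], ["<hook A>"]
    mon("import", ("json", None, path, meta, hooks))
    mon("open", ("/etc/hosts", "r", 0))           # unrelated event, ignored
    path = path + ["/tmp/untrusted"]              # list reassigned, not mutated
    mon("import", ("yaml", None, path, meta, hooks))
    mon("import", ("re", None, path, meta, hooks))  # no further change
    return mon.findings
```

Each change is reported once, attributed to the first import that would be resolved with the altered state.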