[Python-Dev] known obvious thing or bug (rexec)?
Guido van Rossum
guido@python.org
Mon, 16 Dec 2002 14:47:34 -0500
> > Hm... Do you see any way to break out of restricted execution mode
> > using this? I suppose a fix would be simple enough, but I'm more and
> > more inclined to simply rip out rexec from the distribution -- it's
> > never going to be safe, and I doubt it's very useful as long as it's
> > not safe.
>
> Do you mean the rexec.py module, or all the restricted features?
Both. Unless we spend several orders of more effort on reviewing and
testing these "security" features, we're running the serious risk that
someone naively believes that they are secure, uses them to protect
real data, and their site gets broken into. Then who is responsible?
Even if no real data is lost, the more we advertise this as secure,
the more egg we have on our face when someone finds a hole. The
history of Java's security features shows that even in systems that
have had infinitely more scrutiny, security holes still show up --
a language implementation is simply too complex to be bug-free.
> I would like to see the whole scheme working someday. I'm not sure
> how safe it will ever be, but the problems I've seen so far are due
> to some language change introduced. I belive that once the language
> features are mature, these problems will be reduced.
I wish you well, but I recommend that you start a separate project
"secure Python". I don't think that the core will ever slow down its
evolution to a pace where security issues can be fixed faster than
they are generated by new code.
> As a side note, I'll have a look at that bug, if nobody has done so yet.
Please do.
--Guido van Rossum (home page: http://www.python.org/~guido/)