[Python-Dev] known obvious thing or bug (rexec)?

Gustavo Niemeyer niemeyer@conectiva.com
Mon, 16 Dec 2002 20:03:10 -0200


> > Perhaps the main features could be left in the core, without any real
> > application being offered as part of the "batteries". This way, a secure
> > environment could evolve in parallel, without forking the Python
> > development itself.
> 
> Of course that assumes that the main features in the core are secure.
> Samuele's observation that restricted code can modify a new-style
> class passed in belies that.

How would that affect Python itself, if no rexec module was offered? He
wouldn't even notice that this problem was there, unless he was using
the "python-rexec" external module. Even then, he would have reported
this as a bug in "python-rexec", not in Python itself.

> > I was talking about major changes like type/class unification. I believe
> > that major changes like this won't happen often, and that's the kind of
> > change that affected the restricted execution so far.
> 
> As far as you know.  Every change is a potential security hole.

I meant that the problems I have seen so far were caused by major
changes. I agree that it's hard to predict what change is going to
break it.

> Better put it in a serious chroot jail.

Indeed. It'd be good if that machine was completely dedicated to this
purpose.

> I think this has been tried and broken into before.

That's the goal! To get into the hall-of-fame, one would have to tell
how he got in. We can also send an email to someone just before
executing the code, so that even anonymous hackers contribute the
idea.

-- 
Gustavo Niemeyer

[ 2AAC 7928 0FBF 0299 5EB5  60E2 2253 B29A 6664 3A0C ]