[Python-Dev] Python and Security

Martin v. Loewis martin@v.loewis.de
Sun, 20 Jan 2002 23:37:11 +0100


> That said, however, I wonder why security rarely comes up as an
> issue for Python.  Is it because nobody expects security properties
> from the language?  Does anyone know how much the restricted
> execution feature gets used?  Is there anyone here that would use
> a tainting feature if it existed?

In my understanding, tainting is needed if you allow data received
from remote to invoke arbitrary operations. In Python, there is only a
short list where this might cause a problem:

- invoking exec or eval on a string of unknown origin
- unpickling an arbitrary string
- performing getattr with a parameter of unknown origin.

Because there are so few places where tainted data may cause problems,
it never is an issue: people just intuitively know to avoid them.

> It would be interesting to explore the possibilities for safe
> distributed programming in Python.  

Not sure what this has to do with tainting, though: if you want to
execute code you receive from untrusted sources, a sandbox is closer
to what you need.

Regards,
Martin
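
The three call sites listed in the message above, as an added example that is not part of the original message: a small `ast`-based audit that flags them wherever the data argument is not a literal. The sink table, its argument positions, the "non-literal" stand-in for "unknown origin" and the sample handler are all assumptions constructed for this example.

```python
import ast

# Sinks from the list in the message. Which argument carries the data is
# this example's assumption: eval/exec/pickle take it first, getattr second.
SINKS = {
    "eval": 0, "exec": 0,                  # string executed as code
    "pickle.loads": 0, "pickle.load": 0,   # serialized data being unpickled
    "getattr": 1,                          # attribute name
}

def call_name(func):
    """Return 'name' or 'module.name' for simple call targets, else None."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None

def find_sinks(source):
    """Return sorted (line, sink) pairs whose data argument is not a literal.

    "Not a literal" is only a proxy for "unknown origin": every hit still
    needs a reviewer to trace where the value comes from.
    """
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node.func)
        if name not in SINKS:
            continue
        pos = SINKS[name]
        arg = node.args[pos] if len(node.args) > pos else None
        if isinstance(arg, ast.Constant):
            continue  # literal argument: nothing received from outside
        hits.append((node.lineno, name))
    return sorted(hits)

# Constructed sample: a request handler that uses all three sinks.
SAMPLE = '''\
import pickle
def handle(request, obj):
    result = eval(request.expr)
    state = pickle.loads(request.body)
    method = getattr(obj, request.action)
    version = getattr(obj, "version")
    return eval("1 + 1")
'''

if __name__ == "__main__":
    for line, sink in find_sinks(SAMPLE):
        print(f"line {line}: {sink} called with non-literal data")
```

Aliased imports (`from pickle import loads`) and sinks reached through other names are outside what this check resolves.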