[Python-Dev] Python and Security
Martin v. Loewis
martin@v.loewis.de
Sun, 20 Jan 2002 23:37:11 +0100
> That said, however, I wonder why security rarely comes up as an
> issue for Python. Is it because nobody expects security properties
> from the language? Does anyone know how much the restricted
> execution feature gets used? Is there anyone here that would use
> a tainting feature if it existed?

In my understanding, tainting is needed if you allow data received
from remote to invoke arbitrary operations. In Python, there is only a
short list where this might cause a problem:

- invoking exec or eval on a string of unknown origin
- unpickling an arbitrary string
- performing getattr with a parameter of unknown origin.

Because there are so few places where tainted data may cause problems,
it never is an issue: people just intuitively know to avoid them.

> It would be interesting to explore the possibilities for safe
> distributed programming in Python.

Not sure what this has to do with tainting, though: if you want to
execute code you receive from untrusted sources, a sandbox is closer
to what you need.

Regards,
Martin
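
The three operations listed in the message above, expressed as a small static check (an added example, not part of the original post). It assumes Python 3, where exec is a function; the choice of pickle.load/pickle.loads as the unpickling entry points, the helper names and the sample source are this example's own.

```python
import ast

# Sinks named in the message: exec/eval, unpickling, and getattr.
# Which pickle entry points to watch is this example's choice.
NAME_SINKS = {"exec", "eval", "getattr"}
ATTR_SINKS = {("pickle", "loads"), ("pickle", "load")}

def _sink_name(func):
    """Return a display name if `func` is one of the listed sinks, else None."""
    if isinstance(func, ast.Name) and func.id in NAME_SINKS:
        return func.id
    if (isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name)
            and (func.value.id, func.attr) in ATTR_SINKS):
        return f"{func.value.id}.{func.attr}"
    return None

def find_sinks(source):
    """Return sorted (line, sink) pairs where a sink gets a non-literal argument."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _sink_name(node.func)
        if name is None:
            continue
        # For getattr the attribute name is the second argument;
        # for the other sinks the data is the first argument.
        idx = 1 if name == "getattr" else 0
        if idx >= len(node.args):
            continue
        if not isinstance(node.args[idx], ast.Constant):
            hits.append((node.lineno, name))
    return sorted(hits)

# Constructed sample input for the demonstration.
SAMPLE = '''\
import pickle
def handle(request, obj):
    value = eval(request.body)
    state = pickle.loads(request.cookie)
    method = getattr(obj, request.action)
    version = getattr(obj, "version")
    return eval("1 + 1")
'''

if __name__ == "__main__":
    for line, sink in find_sinks(SAMPLE):
        print(f"line {line}: {sink} called with a non-constant argument")
```

A hit only means the argument is not a literal; whether it is actually of unknown origin still has to be traced by hand.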