[Python-Dev] Python and Security

Simon Cozens simon@netthink.co.uk
Mon, 21 Jan 2002 00:11:27 +0000


On Sun, Jan 20, 2002 at 11:37:11PM +0100, Martin v. Loewis wrote:
> In my understanding, tainting is needed if you allow data received
> from remote to invoke arbitrary operations. In Python, there is only a
> short list where this might cause a problem:
> 
> - invoking exec or eval on a string of unknown origin
> - unpickling an arbitrary string
> - performing getattr with a parameter of unknown origin.

From a Perl point of view, tainting is there to stop data received from
outside from doing *anything* related to the system. This includes what you say,
but goes further:
    - open
    - os.popen (in fact, most of os.*)
    - socket (no, really) and everything that depends on it (urllib, etc.)

Since Python has rexec for this sort of thing, tainting may not be so
important, but I think rexec goes too far. The idea of tainting is not
to *disallow* using, say, arbitrary user input from CGI scripts as
filenames - it's to help the programmer segregate which pieces of data need
special treatment before being passed to these kinds of functions.

-- 
Rule the Empire through force.
		-- Shogun Tokugawa
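
The segregation described in the message above, as an added Python 3 example that is not part of the original post: outside data carries a mark, functions such as open refuse marked values, and validation is the only way to remove the mark. The names Tainted, TaintError, untaint, guarded and safe_open are hypothetical, and the sample input and path are constructed.

```python
import functools
import os
import re


class TaintError(Exception):
    """Tainted data reached a guarded function."""


class Tainted(str):
    """A str marked as coming from outside (form field, socket, environment)."""

    # Sketch: only "+" propagates the mark; join, format, slicing etc. do not.
    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):
        return Tainted(str.__add__(other, self))


def untaint(value, pattern):
    """Return a plain str only if the whole value matches an allow-list regex."""
    if re.fullmatch(pattern, value) is None:
        raise ValueError("value rejected by validation pattern")
    return str(value)


def guarded(func):
    """Wrap a function such as open so it refuses any Tainted argument."""
    @functools.wraps(func)
    def wrapper(*args, **kwargs):
        for arg in (*args, *kwargs.values()):
            if isinstance(arg, Tainted):
                raise TaintError(f"tainted value passed to {func.__name__}")
        return func(*args, **kwargs)
    return wrapper


safe_open = guarded(open)

if __name__ == "__main__":
    field = Tainted("report.txt")            # constructed sample CGI input
    try:
        safe_open("/srv/data/" + field)      # concatenation stays tainted
    except TaintError as exc:
        print("blocked:", exc)
    name = untaint(field, r"[A-Za-z0-9_-]+\.txt")
    print("validated:", name, type(name).__name__)
    safe_open(os.devnull).close()            # untainted arguments pass through
```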