[Python-Dev] Python and Security

Simon Cozens simon@netthink.co.uk
Mon, 21 Jan 2002 02:06:53 +0000


On Sun, Jan 20, 2002 at 05:38:59PM -0800, Aahz Maruch wrote:
> More precisely, because Perl culture developed as a superset of shell
> scripts, it used to be all-too-common for Perl scripts to get their data
> by parsing the output of a Unix utility (instead of calling a library
> function directly).  This necessarily spawned a subshell where malicious
> input could be a security problem.

Not so.

This is what taint is: Taint tells you where there's some shit you want
to clean up. 

If you ask the user for a filename to write to, taint tells you that
you'd better check for leading slashes, double dots and the like before
writing to it. If you're about to run an external program, taint tells
you that you might not want to believe the user's idea of what $PATH
ought to be. If you're getting a URL from somewhere, taint tells you
that you should probably think twice before happily passing back
file:///etc/shadow. And so on and so forth. None of these examples are
about input to a subshell.

I'm not in a position to say whether or not Python needs taint; if it
had it, I probably wouldn't use the feature. But let's not misunderstand
what it's for.

-- 
Thermodynamics in a nutshell:
1st Law:  You can't win.  (Energy is conserved)
2nd Law:  You can't break even.  (Entropy)
0th Law:  You can't even quit the game.  (Closed systems) -- Taki Kogoma
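The three checks the message describes (filename, $PATH, URL scheme), carried into Python as an added example that is not code from this thread: a `Tainted` marker type that sinks refuse until a check has returned a plain `str`. The names `Tainted`, `require_clean`, the `untaint_*` functions and the upload directory are assumptions made for the example.

```python
import os
import re
from urllib.parse import urlsplit


class Tainted(str):
    """A string of external origin (user input, CGI parameter, environment)."""


class TaintError(TypeError):
    """Raised when a tainted value reaches a sink without being checked."""


def require_clean(value):
    # A sink such as open() or subprocess would call this first; Perl's taint
    # mode does the equivalent check implicitly.
    if isinstance(value, Tainted):
        raise TaintError(f"tainted value reached a sink: {value!r}")
    return value


def untaint_filename(name, base="/var/app/uploads"):
    # Leading slashes, double dots "and the like": only a bare file name
    # made of word characters, dots and dashes is accepted, then it is
    # confined to the base directory. Returns a plain str, i.e. untainted.
    s = str(name)
    if s.startswith("/") or ".." in s or not re.fullmatch(r"[\w.-]+", s):
        raise ValueError(f"rejected filename: {s!r}")
    path = os.path.normpath(os.path.join(base, s))
    if os.path.dirname(path) != os.path.normpath(base):
        raise ValueError(f"filename escapes {base}: {s!r}")
    return require_clean(path)


def untaint_path_env(env):
    # Don't believe the caller's idea of what $PATH ought to be before running
    # an external program: replace it with a fixed, trusted search path.
    clean = {k: v for k, v in env.items() if k != "PATH"}
    clean["PATH"] = "/usr/bin:/bin"
    return clean


def untaint_url(url, allowed_schemes=("http", "https")):
    # Think twice before passing back file:///etc/shadow: only allow-listed
    # schemes pass, and the result is returned as a plain str.
    parts = urlsplit(str(url))
    if parts.scheme not in allowed_schemes or not parts.netloc:
        raise ValueError(f"rejected URL: {str(url)!r}")
    return require_clean(str(url))
```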