[Python-Dev] tainting

Kevin Jacobs jacobs@penguin.theopalgroup.com
Wed, 8 Jan 2003 12:24:39 -0500 (EST) 

On Wed, 8 Jan 2003, Skip Montanaro wrote:
>     >> >   Tainting                   -- tracking trusted status of objects
>     >> 
>     >> This is clearly out of scope of rexec, and, IMO, not relevant for
>     >> untrusted code. Tainting is about processing untrusted data by
>     >> trusted code.
> 
>     Kevin> I don't think it is so clearly out of the scope of the space of
>     Kevin> all possible restricted execution enviornments.  Tainting (used
>     Kevin> in a fairly liberal sense) is one way to propogate the security
>     Kevin> status of objects without having to proxy them.
> 
> Can tainting be restricted to just strings and unicode objects or is it a
> facility which needs to be extended to all objects whose state could be
> affected by them?

Tainting a la Perl is all about strings and the operations that will taint
and untaint, mainly to keep neophytes from writing bad CGI script.  For my
purposes, I want tainting to represent the 'trustiness' of any object in
order to tell the interpreter what operations may be performed on/with it in
a given context.  Maybe is would be clearer to talk about 'security
monikers' instead of tainting.

> For example, if I execute:
> 
>     s = raw_input("Enter a string here: ")
> 
> Clearly s would be tainted.  Suppose I then executed:
> 
>     t = int(s)
>     x.foo = s[4:]
> 
> Would t need to be tainted?  I assume the object associated with x.foo would
> have to be since it is a string (actually, that would be a side effect of
> the slicing operation).  Would the object associated with x itself have to
> be tainted?
> 
> How best to untaint an object?  Perl untaints when the programmer extracts
> bits from a tainted string via regular expressions.  That seems rather
> unPythonic.  Should objects which can be tainted just have a writable
> 'taint' attribute?

I'll deffer to Lewis Carrol:

   Alice asks: "Would you tell me, please, which way I ought to go from
   here?"  "That depends a good deal on where you want to get to," said the
   Cheshire Cat.

-Kevin ;)

--
Kevin Jacobs
The OPAL Group - Enterprise Systems Architect
Voice: (216) 986-0710 x 19         E-mail: jacobs@theopalgroup.com
Fax:   (216) 986-0714              WWW:    http://www.theopalgroup.com