[Python-Dev] PEP 476: Enabling certificate validation by default!

Nick Coghlan ncoghlan at gmail.com
Mon Sep 1 16:53:11 CEST 2014


On 2 Sep 2014 00:08, "Antoine Pitrou" <solipsis at pitrou.net> wrote:
>
> On Mon, 1 Sep 2014 23:42:10 +1000
> Chris Angelico <rosuav at gmail.com> wrote:
> > >>
> > >> That has to be done inside the same process. But imagine this
> > >> scenario: You have a program that gets invoked as root (or some other
> > >> user than yourself), and you're trying to fiddle with what it sees.
> > >> You don't have root access, but you can manipulate the file system, to
> > >> the extent that your userid has access. What can you do to affect this
> > >> other program?
> > >
> > > If you're root you shouldn't run untrusted code. See
> > > https://docs.python.org/3/using/cmdline.html#cmdoption-I
> >
> > Right, which is why sslcustomize has to be controlled by that, but the
> > possibility of patching (or monkeypatching) ssl.py isn't as big a
> > deal.
>
> To be frank I don't understand what you're arguing about.

When I said "shadowing ssl can be tricky to arrange", Chris correctly
interpreted it as referring to the filesystem based privilege escalation
scenario that isolated mode handles, not to normal in-process
monkeypatching or module injection. I don't consider the latter cases to be
interesting attack scenarios, as they imply the attacker is *already*
running arbitrary Python code inside your CPython process, so you've
already lost.

Cheers,
Nick.
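
The filesystem-based shadowing scenario discussed in this message can be audited from the defender's side. The following is an added example, not part of the original message or of CPython: it reports which import path entries consulted before the genuine module's directory already contain a same-named module or could be written to by another user. The function name `shadow_risks`, the `demo` layout and its directory names are assumptions made for illustration, and a POSIX permission model is assumed.

```python
import importlib.machinery
import os
import stat
import tempfile


def shadow_risks(module_name, search_path, trusted_dir):
    """List (directory, reason) for every search_path entry consulted before
    trusted_dir that already shadows module_name, or that another user could
    use to do so. Hypothetical helper; POSIX permissions assumed."""
    importlib.invalidate_caches()  # do not rely on stale directory listings
    trusted = os.path.realpath(trusted_dir)
    risks = []
    for entry in search_path:
        directory = os.path.realpath(entry or os.getcwd())  # '' means cwd
        if directory == trusted:
            break  # the genuine module is found here; later entries never win
        if not os.path.isdir(directory):
            continue
        spec = importlib.machinery.PathFinder.find_spec(module_name, [directory])
        if spec is not None and spec.origin is not None:  # skip namespace dirs
            risks.append((directory, "shadowed"))
            continue
        st = os.stat(directory)
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            risks.append((directory, "writable by group/other"))
        elif st.st_uid not in (0, os.geteuid()):
            risks.append((directory, "owned by another user"))
    return risks


def demo():
    """Constructed layout: untrusted entries ahead of a stand-in stdlib dir."""
    root = tempfile.mkdtemp()
    layout = {}
    for name in ("scripts", "shared", "private", "stdlib"):
        layout[name] = os.path.join(root, name)
        os.mkdir(layout[name], 0o700)
    open(os.path.join(layout["scripts"], "ssl.py"), "w").close()  # empty file
    open(os.path.join(layout["stdlib"], "ssl.py"), "w").close()
    os.chmod(layout["shared"], 0o777)
    path = [layout[n] for n in ("scripts", "shared", "private", "stdlib")]
    found = shadow_risks("ssl", path, layout["stdlib"])
    return [(os.path.basename(d), why) for d, why in found]


if __name__ == "__main__":
    for directory, why in demo():
        print(directory, "->", why)
```

Against a real interpreter the call would be `shadow_risks("ssl", sys.path, os.path.dirname(ssl.__file__))`; under `-I` the script directory and the user site-packages directory are not on `sys.path`, so they cannot appear in the result.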
