[Python-Dev] PEP 578: Python Runtime Audit Hooks

Steve Dower steve.dower at python.org
Mon Apr 15 17:17:04 EDT 2019


On 15Apr2019 1344, Christian Heimes wrote:
> Hi Steve,
> 
> (memory dump before I go to bed)
> 
> Steve Grubb from Red Hat security pointed me to some interesting things
> [1]. For instance there is some work on a new O_MAYEXEC flag for open().
> Steve came to similar conclusions like we, e.g. streaming code from
> stdin is insecure.
> 
> [1] https://marc.info/?l=linux-fsdevel&m=155535414414626&w=2

Thanks for the pointer! Using this for open_code() by default on 
platforms that support it might be a good opportunity in the future. But 
I'm glad I'm not the only one who thinks this is the right approach :)

> I think it would be also beneficial to have auditing events for the
> import system to track when sys.path or import loaders are changed.

Already in there (kind of... the "import" events include the contents of 
the sys properties that are about to be used to resolve it - since these 
are plain-old lists, and can be easily reassigned, passing them through 
here allows you to add a check if you really want it but otherwise not 
pay the cost of replacing the sys module with a special implementation 
and its attributes with special lists).

Cheers,
Steve


More information about the Python-Dev mailing list