classification
Title: [security][subinterpreters] Add auditing hooks to subinterpreter module
Type: security Stage:
Components: Interpreter Core, Subinterpreters Versions: Python 3.10
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: christian.heimes, eric.snow, gousaiyang, steve.dower
Priority: normal Keywords:

Created on 2021-03-11 09:31 by christian.heimes, last changed 2021-04-06 23:18 by gousaiyang.

Messages (2)
msg388489 - Author: Christian Heimes (christian.heimes) * (Python committer) Date: 2021-03-11 09:31
The subinterpreters module does not emit any audit events yet. It's possible to create a subinterpreter and run arbitrary code through run_string().

We should also improve documentation of sys.addaudithook() and explain what 'current interpreter' actually means. I guess most users don't realize the consequences for subinterpreters.

$ cat auditsub.py
import sys
import _xxsubinterpreters

def hook(*args):
    print(args)

# Hook is installed in the main interpreter only.
sys.addaudithook(hook)

import os
os.system('echo main interpreter')

# Code executed in the subinterpreter never reaches the hook above.
sub = _xxsubinterpreters.create()
_xxsubinterpreters.run_string(sub, "import os; os.system('echo you got pwned')", None)

$ ./python auditsub.py
('os.system', (b'echo main interpreter',))
main interpreter
you got pwned
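The transcript above shows the consequence of "current interpreter" in sys.addaudithook(): Python-level hooks live in the interpreter state, so a hook added in the main interpreter is silent for anything a subinterpreter does. The example below is added for this page and is not code from the issue or from CPython. It reproduces the gap with a harmless os.listdir() call instead of os.system(), then shows the only Python-level mitigation available without changes to the subinterpreter module: install a hook inside the subinterpreter itself, by running a script there, so that it can block the audited operation. The import shim (the private _xxsubinterpreters module on 3.8 to 3.12, renamed _interpreters in 3.13+) and the helper names are assumptions of the example; both modules are internal and unsupported.

```python
"""Added example (not from the issue or CPython): audit hooks are
per-interpreter, and how to put one inside a subinterpreter."""
import os
import sys

try:
    import _interpreters as subinterp          # assumption: CPython 3.13+ name
except ImportError:
    import _xxsubinterpreters as subinterp     # assumption: CPython 3.8 - 3.12 name

# Runs *inside* the subinterpreter.  A hook callable cannot be handed over
# from the parent (only simple shareable objects cross), so define it there.
SUB_HOOK_SCRIPT = """
import sys

def _deny_listdir(event, args):
    # An audit hook aborts the audited operation by raising.
    if event == "os.listdir":
        raise RuntimeError("os.listdir blocked inside subinterpreter")

sys.addaudithook(_deny_listdir)
"""

# The audited operation we want to observe from the parent.
SUB_LISTDIR_SCRIPT = "import os; os.listdir('.')"


def _run(interp_id, script):
    """True if the script finished, False if it raised in the subinterpreter.

    3.8 - 3.12 raise RunFailedError in the parent; 3.13+ return an exception
    snapshot instead of None.  Both cases are treated as failure."""
    try:
        return subinterp.run_string(interp_id, script) is None
    except Exception:
        return False


def demo():
    """Run os.listdir in main and in a subinterpreter under a main-side hook.

    Returns (events_seen_by_main_hook, sub_unhooked_ok, sub_hooked_ok)."""
    seen = []

    def main_hook(event, args):
        if event == "os.listdir":
            seen.append(event)

    sys.addaudithook(main_hook)   # registered for the *current* interpreter only
    os.listdir(".")               # audited: 'os.listdir' recorded once

    sub = subinterp.create()
    try:
        # Same call in the subinterpreter: main_hook never fires, call succeeds.
        unhooked_ok = _run(sub, SUB_LISTDIR_SCRIPT)
        # Install a hook inside the subinterpreter, then retry: now blocked.
        assert _run(sub, SUB_HOOK_SCRIPT)
        hooked_ok = _run(sub, SUB_LISTDIR_SCRIPT)
    finally:
        subinterp.destroy(sub)
    return seen, unhooked_ok, hooked_ok


if __name__ == "__main__":
    print(demo())  # expected: (['os.listdir'], True, False)
```

The returned tuple makes the point concrete: the main hook records exactly one os.listdir event although the call happened twice, and the subinterpreter's call is only stopped once a hook exists in that interpreter. Hooks added this way cannot be removed, and nothing prevents the code running in the subinterpreter from being executed before the hook script, so this is a workaround rather than a substitute for the module emitting its own events.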
msg390387 - Author: Saiyang Gou (gousaiyang) * Date: 2021-04-06 23:18
One problem is the naming of audit events. Actually I didn't even notice that `_xxsubinterpreters` had already been there since Python 3.8, because PEP 554 is still in draft status as of now. Looks like `_xxsubinterpreters` is an internal low-level interface to subinterpreters (and probably only meant for testing purposes for now), while PEP 554 will bring a high-level interface `interpreters` for users. Naming the audit events `interpreters.*` would be more readable, although the `interpreters` module doesn't actually exist today.
History
Date                 User              Action  Args
2021-04-06 23:18:34  gousaiyang        set     nosy: + gousaiyang
                                               messages: + msg390387
2021-03-11 09:31:02  christian.heimes  create