Message388304
To clarify my position on this (as the PEP author):
* audit hooks added *after* initialization (including via the Python API) are not intended for security, but for logging/debugging, and so bypasses are not considered security issues
* audit hooks added *before* Python is initialized should not be able to be bypassed *without* prior events indicating that a bypass is going to occur. Ways of bypassing/removing them without prior indicators should be reported as security issues
And note that all compile()d, imported or exec()d code should have been collected, which means any security bypass has to happen without arbitrary code execution.
These hooks are only one tool necessary to create a more secured environment, not the whole thing. (And note that I said "more secured" not "secure", because it's only as secure as you make it. The relative descriptor is deliberate.) |
|
Date |
User |
Action |
Args |
2021-03-08 21:06:56 | steve.dower | set | recipients:
+ steve.dower, vstinner, christian.heimes, docs@python |
2021-03-08 21:06:56 | steve.dower | set | messageid: <1615237616.3.0.945746026966.issue43438@roundup.psfhosted.org> |
2021-03-08 21:06:56 | steve.dower | link | issue43438 messages |
2021-03-08 21:06:56 | steve.dower | create | |
|