This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes, eric.snow, steve.dower
Date 2021-03-11.09:31:02
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
The subinterpreters module does not emit any audit events yet. It's possible to create a subinterpreter and run arbitrary code through run_string().

We should also improve documentation of sys.addaudithook() and explain what 'current interpreter' actually means. I guess most users don't realize the consequences for subinterpreters.

$ ./python
('os.system', (b'echo main interpreter',))
main interpreter
you got pwned
[heimes@seneca cpython]$ cat au     autom4te.cache/ 
[heimes@seneca cpython]$ cat 
import sys
import _xxsubinterpreters

def hook(*args):


import os
os.system('echo main interpreter')

sub = _xxsubinterpreters.create()
_xxsubinterpreters.run_string(sub, "import os; os.system('echo you got pwned')", None)

$ ./python 
('os.system', (b'echo main interpreter',))
main interpreter
you got pwned
Date User Action Args
2021-03-11 09:31:02christian.heimessetrecipients: + christian.heimes, eric.snow, steve.dower
2021-03-11 09:31:02christian.heimessetmessageid: <>
2021-03-11 09:31:02christian.heimeslinkissue43472 messages
2021-03-11 09:31:02christian.heimescreate