Message388489
The subinterpreters module does not emit any audit events yet. It's possible to create a subinterpreter and run arbitrary code through run_string().
We should also improve documentation of sys.addaudithook() and explain what 'current interpreter' actually means. I guess most users don't realize the consequences for subinterpreters.
$ ./python auditsub.py
('os.system', (b'echo main interpreter',))
main interpreter
you got pwned
[heimes@seneca cpython]$ cat au
auditsub.py autom4te.cache/
[heimes@seneca cpython]$ cat auditsub.py
import sys
import _xxsubinterpreters
def hook(*args):
print(args)
sys.addaudithook(hook)
import os
os.system('echo main interpreter')
sub = _xxsubinterpreters.create()
_xxsubinterpreters.run_string(sub, "import os; os.system('echo you got pwned')", None)
$ ./python auditsub.py
('os.system', (b'echo main interpreter',))
main interpreter
you got pwned |
|
Date |
User |
Action |
Args |
2021-03-11 09:31:02 | christian.heimes | set | recipients:
+ christian.heimes, eric.snow, steve.dower |
2021-03-11 09:31:02 | christian.heimes | set | messageid: <1615455062.58.0.468186541544.issue43472@roundup.psfhosted.org> |
2021-03-11 09:31:02 | christian.heimes | link | issue43472 messages |
2021-03-11 09:31:02 | christian.heimes | create | |
|