
Author christian.heimes
Recipients christian.heimes, eric.snow, steve.dower
Date 2021-03-11.09:31:02
Message-id <1615455062.58.0.468186541544.issue43472@roundup.psfhosted.org>
In-reply-to
Content
The subinterpreters module does not emit any audit events yet. It's possible to create a subinterpreter and run arbitrary code through run_string().

We should also improve documentation of sys.addaudithook() and explain what 'current interpreter' actually means. I guess most users don't realize the consequences for subinterpreters.

$ ./python auditsub.py
('os.system', (b'echo main interpreter',))
main interpreter
you got pwned
[heimes@seneca cpython]$ cat auditsub.py 
import sys
import _xxsubinterpreters

def hook(*args):
    print(args)

sys.addaudithook(hook)

import os
os.system('echo main interpreter')

sub = _xxsubinterpreters.create()
_xxsubinterpreters.run_string(sub, "import os; os.system('echo you got pwned')", None)

$ ./python auditsub.py 
('os.system', (b'echo main interpreter',))
main interpreter
you got pwned
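
A coarse mitigation for the gap shown above, added here as an example and not part of the original message or of CPython: since the hook in the main interpreter sees nothing of what run_string() executes, it can instead refuse the import of _xxsubinterpreters itself. The names BLOCKED_MODULES, is_blocked, install_guard and denied are hypothetical, and the guard only covers imports made through the import statement or __import__().

```python
import sys

# Module name taken from the report above. Assumption: extend this set per
# deployment if your build exposes subinterpreters under other module names.
BLOCKED_MODULES = frozenset({"_xxsubinterpreters"})

denied = []  # names of blocked imports that were attempted, for later review


def is_blocked(name, blocked=BLOCKED_MODULES):
    """Return True if `name`, or its top-level package, is on the block list."""
    return name in blocked or name.split(".", 1)[0] in blocked


def _guard(event, args):
    # The "import" event is raised by the import statement / __import__()
    # before the finders run, and only when the module is not already
    # cached in sys.modules. args[0] is the absolute module name.
    if event == "import" and args and is_blocked(str(args[0])):
        denied.append(str(args[0]))
        raise RuntimeError(f"import of {args[0]!r} denied by audit hook")


def install_guard():
    """Install the hook. Call this before any untrusted code is loaded."""
    # A module that is already cached would never raise the event again,
    # so fail loudly instead of giving a false sense of coverage.
    already = [m for m in list(sys.modules) if is_blocked(m)]
    if already:
        raise RuntimeError(f"blocked module(s) already imported: {already}")
    sys.addaudithook(_guard)


if __name__ == "__main__":
    install_guard()
    try:
        import _xxsubinterpreters  # noqa: F401
    except RuntimeError as exc:
        print("blocked:", exc)
    print("attempts recorded:", denied)
```

Audit hooks cannot be removed once added, so install the guard once at interpreter startup.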