Because of when _Py_ClearAuditHooks is called during finalization, it is possible that __del__ destructors will be called after hooks have been cleared. Audit events that would be raised here are dropped.
We should ensure these events are received by any known hooks for the interpreter (Python) or the runtime (C).
Patch attached below works well, but with less functionality for users' audit hook.
A pure Python audit hook implementation looks safe enough.
Do we need to call _PySys_ClearAuditHooks earlier for more functionality?
PR 21222 (with test updates) is a good fix, though we know there can still be arbitrary code executed afterwards. But it's not in a place where we can reliably hook.
Probably the best thing to do is to make sure that events are raised for anything that would be required to add code there. Though that may not be feasible either, but since nobody should be doing that kind of thing deliberately, detection is just as valuable as prevention.
Merged the initial fix, but we now need to find any exploitable paths that remain.
Considering how late in finalization they now run, they're very unlikely to succeed at doing anything interesting. However, they'd also qualify as bugs (potentially crashes), so we'll want to find ways to make them run earlier anyway.
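A check for the behaviour described at the top of this issue, as an added example that is not CPython's own test or part of the thread: it runs a child interpreter whose module-level object raises an audit event from __del__ during finalization and reports whether a Python hook still received it. The `demo.*` event names and the helper names are constructed for this example; `cpython._PySys_ClearAuditHooks` is the event CPython raises when it clears hooks.

```python
import subprocess
import sys
import textwrap

# Constructed child program; the "demo.*" event names are made up for this check.
CHILD = textwrap.dedent('''
    import os, sys

    def hook(event, args, _write=os.write):
        # os.write is bound as a default so the hook keeps working while
        # module globals are being torn down during finalization.
        if event.startswith("demo.") or event == "cpython._PySys_ClearAuditHooks":
            _write(1, (event + "\\n").encode())

    class Late:
        def __del__(self, _audit=sys.audit):
            _audit("demo.finalizer")

    sys.addaudithook(hook)
    keep_alive = Late()            # module global, destroyed during finalization
    sys.audit("demo.before_exit")  # raised while the interpreter is fully alive
''')


def observed_events(python=sys.executable):
    """Run CHILD in a fresh interpreter; return the events its hook saw, in order."""
    proc = subprocess.run([python, "-c", CHILD],
                          capture_output=True, text=True, timeout=30)
    return proc.stdout.split()


def classify(events):
    """'delivered' if the destructor's event reached the hook, else 'dropped'."""
    if "demo.before_exit" not in events:
        return "hook-not-running"
    return "delivered" if "demo.finalizer" in events else "dropped"


if __name__ == "__main__":
    seen = observed_events()
    print("events seen by hook:", seen)
    print("finalization-time __del__ event:", classify(seen))
```

A result of `dropped` means the interpreter under test clears hooks before module-level destructors run, so detections that rely on audit events will not see activity from those destructors.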