[security][subinterpreters] Add auditing hooks to subinterpreter module #87638
Comments
The subinterpreters module does not emit any audit events yet. It's possible to create a subinterpreter and run arbitrary code through run_string(). We should also improve documentation of sys.addaudithook() and explain what 'current interpreter' actually means. I guess most users don't realize the consequences for subinterpreters.

```
$ cat auditsub.py
```

```python
import sys
import _xxsubinterpreters

# Python-level audit hook: registered for the current (main) interpreter only.
def hook(*args):
    print(args)

sys.addaudithook(hook)

import os
os.system('echo main interpreter')   # audited: hook prints the os.system event

# Code run in a fresh subinterpreter is not seen by the main interpreter's hook.
sub = _xxsubinterpreters.create()
_xxsubinterpreters.run_string(sub, "import os; os.system('echo you got pwned')", None)
```

```
$ ./python auditsub.py
('os.system', (b'echo main interpreter',))
main interpreter
you got pwned
```
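The following is an added example, not code from the issue reporter or from CPython. It reproduces the behaviour above without spawning a shell (the subinterpreter raises a constructed `demo.*` event with `sys.audit()` instead of calling `os.system()`), and then shows the workaround available from pure Python: installing a hook inside each subinterpreter as a prologue before running untrusted code. It assumes a CPython build that exposes the private `_interpreters` (3.13+) or `_xxsubinterpreters` (3.8 to 3.12) module; the helper `_load_interpreters_module()`, the `run_in_subinterpreter()` wrapper and the `demo.*` event names are all mine. If neither module is importable, `demo()` reports `available: False` and only exercises the main-interpreter hook.

```python
"""Added example: sys.addaudithook() registers a hook for the interpreter that
calls it, so a subinterpreter is not covered by the main interpreter's hook.
Assumes the private _interpreters (3.13+) or _xxsubinterpreters (3.8-3.12)
module; falls back to main-interpreter-only behaviour when neither exists."""
import os
import sys
import tempfile


def _load_interpreters_module():
    """Return this CPython's private subinterpreter module, or None."""
    for name in ("_interpreters", "_xxsubinterpreters"):
        try:
            return __import__(name)
        except ImportError:
            continue
    return None


def run_in_subinterpreter(mod, script):
    """Create a fresh subinterpreter, run `script` in it, then destroy it."""
    sub = mod.create()
    try:
        # 3.13+ exec()/run_string() return an excinfo on failure; older
        # run_string() raises RunFailedError instead. Handle both.
        runner = getattr(mod, "exec", None) or mod.run_string
        failure = runner(sub, script)
        if failure is not None:
            raise RuntimeError(f"subinterpreter script failed: {failure!r}")
    finally:
        mod.destroy(sub)


# Constructed prologue for the subinterpreter: install a hook there, raise an
# event, and write what that hook saw to a file the main interpreter can read.
# PATH is replaced with the repr() of a temporary file name before running.
_SUB_SCRIPT = """
import sys
_seen = []
def _hook(event, args):
    if event.startswith("demo."):
        _seen.append(event)
sys.addaudithook(_hook)
sys.audit("demo.sub_hooked")
with open(PATH, "w") as f:
    f.write("\\n".join(_seen))
"""


def demo():
    mod = _load_interpreters_module()
    seen_in_main = []

    def hook(event, args):
        # Record only our constructed events; ignore open/import/compile/etc.
        if event.startswith("demo."):
            seen_in_main.append(event)

    sys.addaudithook(hook)   # hook belongs to *this* interpreter only
    sys.audit("demo.main")   # seen by hook

    result = {"available": mod is not None, "main": seen_in_main,
              "sub_with_hook": None}
    if mod is None:
        return result

    # 1. Subinterpreter with no hook of its own: the event is raised there,
    #    but the main interpreter's hook never sees it (this is the bug report).
    run_in_subinterpreter(mod, 'import sys; sys.audit("demo.sub_unhooked")')

    # 2. Mitigation: run a hook-installing prologue inside the subinterpreter
    #    before any untrusted code, so its own events are audited.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "events.txt")
        run_in_subinterpreter(mod, _SUB_SCRIPT.replace("PATH", repr(path)))
        with open(path) as f:
            result["sub_with_hook"] = f.read().split()
    return result


if __name__ == "__main__":
    print(demo())
```

`result["main"]` contains only `demo.main`: neither of the events raised inside the subinterpreters reaches the main interpreter's Python-level hook, while the prologue-installed hook does record `demo.sub_hooked`. A hook registered from C with `PySys_AddAuditHook()` is process-wide and would see all of these; a Python hook has to be re-installed in every interpreter that runs code you want audited.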
One problem is the naming of audit events. Actually I didn't even notice that
I'll need Eric to confirm, but I think the best thing to do here is to not release the thread state in _xxsubinterpreters.interp_create, but let _Py_NewInterpreter() do it. That way the existing event will be raised in interpreter-level hooks, rather than only the process-wide hook. PR incoming.