New submission from STINNER Victor <vstin...@python.org>:

It is currently possible to discover the internal list of audit hooks using gc 
module functions, like gc.get_objects(), and so remove an audit hook, whereas 
it is supposed to not be possible. PEP 578 states: "Hooks cannot be removed 
or replaced."

Rather than attempting to fix this specific vulnerability, I suggest adding new 
audit events on the following gc functions:

* gc.get_objects()
* gc.get_referrers()
* gc.get_referents()

These functions are "dangerous" since they can expose Python objects in an 
inconsistent state. In the past, we had multiple bugs related to "internal" 
tuples which were not fully initialized (but already tracked by the GC). See 
bpo-15108 for an example.

Note: if someone wants to address the ability to remove an audit hook, the 
internal list can be modified to not be a Python object.

----------
components: Library (Lib)
messages: 388300
nosy: christian.heimes, pablogsal, steve.dower, vstinner
priority: normal
severity: normal
status: open
title: [security] Add audit events on GC functions giving access to all Python 
objects
versions: Python 3.10

_______________________________________
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue43439>
_______________________________________
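
An added example, not part of the original message or of CPython's own code: an audit hook that records, and can optionally refuse, calls to the three gc functions named above. It assumes CPython 3.10 or later, where the events `gc.get_objects`, `gc.get_referrers` and `gc.get_referents` are raised; `GcIntrospectionMonitor`, `MONITOR`, `demo` and `demo_blocked` are hypothetical names.

```python
import gc
import sys

# Event names proposed in this issue; CPython 3.10 and later raise them.
GC_EVENTS = frozenset({"gc.get_objects", "gc.get_referrers", "gc.get_referents"})


class GcIntrospectionMonitor:
    """Audit hook that records (and optionally refuses) GC introspection calls."""

    def __init__(self, block=False):
        self.block = block
        self.seen = []  # (event name, name of the calling function)

    def __call__(self, event, args):
        if event not in GC_EVENTS:
            return
        # Frame 0 is this hook; frame 1 is the Python code that called gc.
        caller = sys._getframe(1).f_code.co_name
        # Store names only: keeping `args` would keep inspected objects alive.
        self.seen.append((event, caller))
        if self.block:
            raise RuntimeError(f"{event} refused by audit policy")


MONITOR = GcIntrospectionMonitor()
sys.addaudithook(MONITOR)  # installed once for the life of the process


def demo():
    """Call each audited function once and return what the hook recorded."""
    start = len(MONITOR.seen)
    marker = object()  # constructed sample object
    holder = [marker]
    gc.get_objects()
    gc.get_referrers(marker)
    gc.get_referents(holder)
    return MONITOR.seen[start:]


def demo_blocked():
    """Return True when blocking mode makes gc.get_objects() fail."""
    MONITOR.block = True
    try:
        gc.get_objects()
    except RuntimeError:
        return True
    finally:
        MONITOR.block = False
    return False
```

An exception raised by the hook propagates to the caller, so blocking mode makes the gc call itself fail instead of returning the object list.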