[issue43472] [security][subinterpreters] Add auditing hooks to subinterpreter module

2021-04-28 Thread STINNER Victor


STINNER Victor  added the comment:


New changeset 0252ce35712f4a12e824fb8b40a867ec3460443e by Miss Islington (bot) 
in branch '3.9':
bpo-43472: Ensure PyInterpreterState_New audit events are raised when called 
through _xxsubinterpreters module (GH-25506) (GH-25508)
https://github.com/python/cpython/commit/0252ce35712f4a12e824fb8b40a867ec3460443e


--
nosy: +vstinner

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue43472] [security][subinterpreters] Add auditing hooks to subinterpreter module

2021-04-21 Thread miss-islington


miss-islington  added the comment:


New changeset 602eefef0bd0187049c2ab9071390f8573fc299a by Miss Islington (bot) 
in branch '3.8':
bpo-43472: Ensure PyInterpreterState_New audit events are raised when called 
through _xxsubinterpreters module (GH-25506)
https://github.com/python/cpython/commit/602eefef0bd0187049c2ab9071390f8573fc299a


--




[issue43472] [security][subinterpreters] Add auditing hooks to subinterpreter module

2021-04-21 Thread Steve Dower


Change by Steve Dower :


--
assignee:  -> steve.dower
resolution:  -> fixed
stage: patch review -> resolved
status: open -> closed
versions: +Python 3.8, Python 3.9




[issue43472] [security][subinterpreters] Add auditing hooks to subinterpreter module

2021-04-21 Thread miss-islington


Change by miss-islington :


--
pull_requests: +24227
pull_request: https://github.com/python/cpython/pull/25509




[issue43472] [security][subinterpreters] Add auditing hooks to subinterpreter module

2021-04-21 Thread miss-islington


Change by miss-islington :


--
nosy: +miss-islington
nosy_count: 4.0 -> 5.0
pull_requests: +24226
pull_request: https://github.com/python/cpython/pull/25508




[issue43472] [security][subinterpreters] Add auditing hooks to subinterpreter module

2021-04-21 Thread Steve Dower


Steve Dower  added the comment:


New changeset 7b86e47617d81a4b14d929743425f448971e8c86 by Steve Dower in branch 
'master':
bpo-43472: Ensure PyInterpreterState_New audit events are raised when called 
through _xxsubinterpreters module (GH-25506)
https://github.com/python/cpython/commit/7b86e47617d81a4b14d929743425f448971e8c86


--




[issue43472] [security][subinterpreters] Add auditing hooks to subinterpreter module

2021-04-21 Thread Steve Dower


Change by Steve Dower :


--
keywords: +patch
pull_requests: +24224
stage:  -> patch review
pull_request: https://github.com/python/cpython/pull/25506




[issue43472] [security][subinterpreters] Add auditing hooks to subinterpreter module

2021-04-21 Thread Steve Dower


Steve Dower  added the comment:

I'll need Eric to confirm, but I think the best thing to do here is to not 
release the thread state in _xxsubinterpreters.interp_create, but let 
_Py_NewInterpreter() do it. That way the existing event will be raised in 
interpreter-level hooks, rather than only the process-wide hook.

PR incoming.

--




[issue43472] [security][subinterpreters] Add auditing hooks to subinterpreter module

2021-04-06 Thread Saiyang Gou


Saiyang Gou  added the comment:

One problem is the naming of audit events. Actually I didn't even notice that 
`_xxsubinterpreters` was already there since Python 3.8, because PEP 554 is 
still in draft status as of now. Looks like `_xxsubinterpreters` is an 
internal low-level interface to subinterpreters (and probably only meant for 
testing purposes for now), while PEP 554 will bring a high-level interface 
`interpreters` for users. Naming the audit events as `interpreters.*` will be 
more readable, although the `interpreters` module doesn't actually exist today.

--
nosy: +gousaiyang




[issue43472] [security][subinterpreters] Add auditing hooks to subinterpreter module

2021-03-11 Thread Christian Heimes


New submission from Christian Heimes :

The subinterpreters module does not emit any audit events yet. It's possible to 
create a subinterpreter and run arbitrary code through run_string().

We should also improve documentation of sys.addaudithook() and explain what 
'current interpreter' actually means. I guess most users don't realize the 
consequences for subinterpreters.

$ ./python auditsub.py
('os.system', (b'echo main interpreter',))
main interpreter
you got pwned
[heimes@seneca cpython]$ cat au
auditsub.py autom4te.cache/ 
[heimes@seneca cpython]$ cat auditsub.py 
import sys
import _xxsubinterpreters

def hook(*args):
    print(args)

sys.addaudithook(hook)

import os
os.system('echo main interpreter')

sub = _xxsubinterpreters.create()
_xxsubinterpreters.run_string(sub, "import os; os.system('echo you got pwned')", None)

$ ./python auditsub.py 
('os.system', (b'echo main interpreter',))
main interpreter
you got pwned

--
components: Interpreter Core, Subinterpreters
messages: 388489
nosy: christian.heimes, eric.snow, steve.dower
priority: normal
severity: normal
status: open
title: [security][subinterpreters] Add auditing hooks to subinterpreter module
type: security
versions: Python 3.10
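
An added example, not code from the thread or from CPython: a monitoring hook that shows what the main interpreter's sys.addaudithook() hook can and cannot see once the changesets listed in this thread are applied. The event name "example.probe" and the `_interpreters` fallback import (the module's name in newer CPython releases) are assumptions of this sketch.

```python
import sys

try:
    import _xxsubinterpreters as _subinterp   # module name used in the report (3.8+)
except ImportError:
    import _interpreters as _subinterp        # name in newer CPython releases

CREATE_EVENT = "cpython.PyInterpreterState_New"  # event the changesets make visible
PROBE_EVENT = "example.probe"                    # constructed event name for this demo

seen = []  # events recorded by the hook registered in the main interpreter


def hook(event, args):
    # Audit hooks run for every event, so filter early and never raise here.
    if event in (CREATE_EVENT, PROBE_EVENT):
        seen.append(event)


sys.addaudithook(hook)  # applies to the current (main) interpreter only


def demo():
    """Return the events the main interpreter's hook observed, in order."""
    seen.clear()
    sys.audit(PROBE_EVENT)            # raised in the main interpreter: recorded
    sub = _subinterp.create()         # fixed CPython raises CREATE_EVENT here
    try:
        # Raised inside the subinterpreter, which has no hooks of its own,
        # so the main interpreter's hook never sees this second probe.
        _subinterp.run_string(sub, "import sys; sys.audit(%r)" % PROBE_EVENT)
    finally:
        _subinterp.destroy(sub)
    return list(seen)


if __name__ == "__main__":
    print(demo())
```

The creation event is the only signal this hook receives about the subinterpreter, so monitoring built on sys.addaudithook() should alert on it; hooks that must cover every interpreter are registered from C with PySys_AddAuditHook() before the runtime is initialized.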
