[Python-Dev] PEP 578: Python Runtime Audit Hooks
Christian Heimes
christian at python.org
Mon Apr 15 16:44:58 EDT 2019
More information about the Python-Dev mailing list
Mon Apr 15 16:44:58 EDT 2019
- Previous message (by thread): [Python-Dev] PEP 578: Python Runtime Audit Hooks
- Next message (by thread): [Python-Dev] PEP 578: Python Runtime Audit Hooks
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 28/03/2019 23.35, Steve Dower wrote: > Hi all > > Time is short, but I'm hoping to get PEP 578 (formerly PEP 551) into > Python 3.8. Here's the current text for review and comment before I > submit to the Steering Council. > > The formatted text is at https://www.python.org/dev/peps/pep-0578/ > (update just pushed, so give it an hour or so, but it's fundamentally > the same as what's there) > > No Discourse post, because we don't have a python-dev equivalent there > yet, so please reply here for this one. > > Implementation is at https://github.com/zooba/cpython/tree/pep-578/ and > my backport to 3.7 (https://github.com/zooba/cpython/tree/pep-578-3.7/) > is already getting some real use (though this will not be added to 3.7, > unless people *really* want it, so the backport is just for reference). Hi Steve, (memory dump before I go to bed) Steve Grubb from Red Hat security pointed me to some interesting things [1]. For instance there is some work on a new O_MAYEXEC flag for open(). Steve came to similar conclusions like we, e.g. streaming code from stdin is insecure. I think it would be also beneficial to have auditing events for the import system to track when sys.path or import loaders are changed. Christian [1] https://marc.info/?l=linux-fsdevel&m=155535414414626&w=2
- Previous message (by thread): [Python-Dev] PEP 578: Python Runtime Audit Hooks
- Next message (by thread): [Python-Dev] PEP 578: Python Runtime Audit Hooks
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list