[Security-sig] PEP 551: Security transparency in the Python runtime

Nathaniel Smith njs at pobox.com
Thu Aug 24 14:16:44 EDT 2017


I don't have any particular security expertise, but a few thoughts anyway...

- your big list of logged events seems to be missing
getaddrinfo/getnameinfo (the modern replacements for get*by*)

- you make it possible for arbitrary code to log arbitrary events by
calling sys.loghook, which seems useful if you want to allow e.g. cffi to
log similar events to the ones that ctypes logs. But are you worried that
attackers could use the ability to forge arbitrary events to cover their
trail?

- the name "spython" makes me nervous, because I feel like as soon as
discussion switches from specifics like "transparency through event
logging" to vague abstractions like "secure", then it becomes much more
difficult to have useful discussions. Like, we're inevitably going to have
people trying to use 'spython' to replace their normal python 'because it's
more secure' and stuff like that. Would it make sense to call it something
else, like 'tpython' (for 'transparent'), or 'stdemo-python' (to emphasize
that it's more intended as an example and starting point rather than a
useful product)?

-n
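As an added example (not code from the post, from PEP 551, or from CPython itself): the design discussed above shipped in Python 3.8 as PEP 578, where the proposed sys.loghook became sys.addaudithook / sys.audit and socket.getaddrinfo / socket.getnameinfo did get their own documented events. The hook below records every event and tags it by whether its name is in a constructed, partial allow-list of documented runtime events, which is one way to make user-emitted events (the forgery concern above) stand out from the runtime's own. The event name "cffi.dlopen" is hypothetical, standing in for the kind of event a library such as cffi might emit.

```python
import os
import socket
import sys

# Constructed, partial set of event names that CPython's own runtime and
# standard library raise (see the "Audit events table" in the Python docs).
# An event name outside this set did not come from the core runtime: it was
# raised through sys.audit() by a third-party extension or by application code.
DOCUMENTED_RUNTIME_EVENTS = {
    "open",
    "socket.getaddrinfo",
    "socket.getnameinfo",
    "ctypes.dlopen",
    "compile",
    "exec",
    "import",
    "subprocess.Popen",
}

# Append-only record of (event_name, origin) pairs seen by the hook.
AUDIT_LOG = []


def audit_hook(event, args):
    """Record every audit event, tagging whether the runtime itself raised it.

    The hook runs inline on the thread that triggered the event, so it must be
    cheap and must never raise: an exception here propagates into the audited
    operation and aborts it.
    """
    try:
        origin = "runtime" if event in DOCUMENTED_RUNTIME_EVENTS else "external"
        AUDIT_LOG.append((event, origin))
    except Exception:
        pass


# Audit hooks cannot be removed once installed; every later event in this
# process passes through audit_hook.
sys.addaudithook(audit_hook)


def run_demo():
    """Trigger three events and return {event_name: origin} for what was seen.

    1. open()             -> raised by the runtime ("open")
    2. socket.getaddrinfo -> raised by the runtime before any lookup happens,
                             so it is recorded even with no network access
    3. sys.audit(...)     -> a user-supplied event; "cffi.dlopen" is a
                             hypothetical name, not a documented runtime event
    """
    start = len(AUDIT_LOG)

    with open(os.devnull, "rb"):
        pass

    try:
        socket.getaddrinfo("localhost", 80)
    except OSError:
        pass  # resolution may fail offline; the audit event has already fired

    sys.audit("cffi.dlopen", "libexample.so")

    return dict(AUDIT_LOG[start:])


def external_events(since=0):
    """Sorted names of events raised outside the core runtime since an index."""
    return sorted({name for name, origin in AUDIT_LOG[since:] if origin == "external"})


if __name__ == "__main__":
    for name, origin in run_demo().items():
        print(f"{origin:8s} {name}")
```

The classification is by name only. Code that calls sys.audit with a documented name and fabricated arguments is indistinguishable from the runtime inside the hook, which is exactly why the concern about covering one's trail stands; what the hook can do is treat undocumented names as a signal rather than noise and ship everything to an append-only sink outside the process.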