[ python-Feature Requests-500698 ] Taint a la Perl?
SourceForge.net
noreply at sourceforge.net
Tue Feb 6 11:51:24 CET 2007
Feature Requests item #500698, was opened at 2002-01-08 03:48
Message generated for change (Comment added) made by jcrocholl
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=355470&aid=500698&group_id=5470
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Python Interpreter Core
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Peter Scott (sketerpot)
Assigned to: Nobody/Anonymous (nobody)
Summary: Taint a la Perl?
Initial Comment:
This might just add unnecessary bloat, but since Python is being
used in CGI scripts, it can be used to narrow a security hole. One way
of breaking security is for a naive programmer (don't try to deny
their existence) to run an arbitrary command from the page
viewer.
Perl has developed an interesting mechanism for
helping with this: taint. The way it works is, when something comes
directly from the user, like a key in a form, it is considered to have
taint unless specifically untainted. Things like os.exec() would
create a warning message if you passed tainted strings to
them.
As I said, this might just add unnecessary bloat, but for
an option that can be left out for most builds of Python I think it
would be pretty nice.
----------------------------------------------------------------------
Comment By: Johann C. Rocholl (jcrocholl)
Date: 2007-02-06 11:51
Message:
Logged In: YES
user_id=656137
Originator: NO
http://svn.rocholl.net/taint/trunk/taint.py
----------------------------------------------------------------------
Comment By: Johann C. Rocholl (jcrocholl)
Date: 2007-02-05 22:55
Message:
Logged In: YES
user_id=656137
Originator: NO
I have come up with a class called SafeString which is the opposite of a
tainted string. In my model, all strings are tainted by default, and you
have to call untaint() to create a SafeString. Then I replace all
functions in the os module with wrapper functions that check all
parameters first and raise TaintError if any string is not safe. If I can
figure out how to attach a file here, I will post it. Otherwise you may
find it on comp.lang.python by the name of taint.py.
----------------------------------------------------------------------
Comment By: Peter Scott (sketerpot)
Date: 2003-02-14 18:21
Message:
Logged In: YES
user_id=252564
Thanks for the idea, phr. I wrote a small class called
TaintString, derived from string, that has a taint attribute. This
is probably the least difficult part. The difficult part will be in
modifying functions like os.system() to raise warnings or
exceptions when tainted strings are passed to them. I'm
currently thinking of making wrapper modules with names like
taint.os, or taint.cgi, but the problem with this is that you
have to manually use taint.* for certain functions. If anybody
can think of something that can simplify this, please post it.
----------------------------------------------------------------------
Comment By: paul rubin (phr)
Date: 2003-02-14 05:47
Message:
Logged In: YES
user_id=72053
With new-style classes, maybe this can be done by
subclassing string somehow. There would be a subclass for
tainted strings and trying to do most things with them would
raise an exception. With taint checking enabled, functions
like os.getenv and cgi.FieldStorage would make objects
containing tainted strings. You'd untaint them by passing
them to re.search or re.match and pulling out the match
variables, like in Perl.
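The three designs sketched in this thread (a tainted str subclass, regex-based untainting, and wrappers that raise TaintError when a tainted value reaches an os function) combined into one runnable model. This is an added example, not the taint.py posted to the thread: Tainted, TaintError, guard, run_command and finger_user are hypothetical names, and the sink only returns the command line it would have run.

```python
import functools
import re
import shlex

class TaintError(Exception):
    """Raised when a tainted string reaches a guarded sink."""

class Tainted(str):
    """str subclass marking data from an untrusted source (CGI form, environ).
    Hypothetical model: taint survives slicing and concatenation only."""
    def __add__(self, other):
        return Tainted(str.__add__(self, other))
    def __radd__(self, other):
        return Tainted(str.__add__(other, self))
    def __getitem__(self, key):
        return Tainted(str.__getitem__(self, key))
    def untaint(self, pattern):
        """Return a plain str only if the whole value matches the pattern."""
        if re.fullmatch(pattern, self) is None:
            raise TaintError("%r does not match %r" % (str(self), pattern))
        return str(self)  # exact str copy: the taint mark is dropped

def _check(value):
    """Reject Tainted values, looking inside lists/tuples such as argv."""
    if isinstance(value, Tainted):
        raise TaintError("tainted value %r passed to a guarded sink" % str(value))
    if isinstance(value, (list, tuple)):
        for item in value:
            _check(item)

def guard(sink):
    """Wrap a sensitive function (os.system, subprocess.call, ...) so it
    raises TaintError on any Tainted argument, like the proposed os wrappers."""
    @functools.wraps(sink)
    def wrapper(*args, **kwargs):
        for value in list(args) + list(kwargs.values()):
            _check(value)
        return sink(*args, **kwargs)
    return wrapper

@guard
def run_command(argv):
    """Stand-in sink: returns the shell line it would run instead of running it."""
    return " ".join(shlex.quote(arg) for arg in argv)

def finger_user(form_value):
    """CGI-style flow: the value stays Tainted until untaint() validates it."""
    user = Tainted(form_value)
    return run_command(["finger", user.untaint(r"[A-Za-z0-9_]{1,32}")])
```

Any str method not overridden here (split, format, join, iteration) returns a plain str, which is the "rely on the programmer" gap Skip raises below.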
----------------------------------------------------------------------
Comment By: Skip Montanaro (montanaro)
Date: 2003-01-03 02:25
Message:
Logged In: YES
user_id=44345
Took a while for a response to this feature request. ;-)
Perl's heavy integration of regular expressions with its
taint facility probably wouldn't work all that well in
Python. For one, Python has more ways of searching
strings than with regular expressions. Second, regular
expressions are not nearly as tightly wound into Python
as they are in Perl. I think you'd have to add a taint
attribute to strings and just rely on the programmer to
properly clear that attribute.
I think a first cut at an implementation would go much
further toward getting the concept seriously considered
for addition to Python.
----------------------------------------------------------------------
Comment By: Neal McBurnett (nealmcb)
Date: 2003-01-02 22:20
Message:
Logged In: YES
user_id=105956
I really like taint mode.
I think this would make Python a better choice for CGI scripts.
See http://www.perldoc.com/perl5.8.0/pod/perlsec.html
and http://gunther.web66.com/FAQS/taintmode.html
for more background.
----------------------------------------------------------------------