[issue39184] Many command execution functions are not raising auditing events
Saiyang Gou
report at bugs.python.org
Sat Jan 4 19:11:33 EST 2020
Saiyang Gou <gousaiyang223 at gmail.com> added the comment:
I have made PR 17824 to add auditing events for the command execution functions mentioned above.
After a review on other related Python modules, I think maybe the following functions can also be audited, but a discussion may be required to determine whether they are necessary (whether these actions are sensitive enough to record, and performance trade off).
- os.getenv/putenv/unsetenv
- os.getcwd/chdir
- os.chown/chmod
- os.stat/access
- os.link/symlink
- os.rename/renames/replace
- os.mkdir/mkdirs
- os.remove/removedirs/rmdir/unlink (`shutil.rmtree` is already audited)
- os.add_dll_directory
- os.fork
- os.kill/killpg
- os.path.exists/isfile/isdir/...
- signal.pthread_kill
- shutil.copy* (`shutil.copytree` is already audited)
- shutil.move
- shutil.chown
- shutil.unpack_archive (`shutil.make_archive` is already audited)
- resource.prlimit
- file operations in `msvcrt`
- functions in `fcntl`, `syslog`
- many high level networking modules such as `http.client/server`, `socketserver`, `xmlrpc` (the low-level `socket` calls are already audited)
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue39184>
_______________________________________
More information about the Python-bugs-list
mailing list