[Python-checkins] peps: PEP 493: clarify a security caveat
nick.coghlan
python-checkins at python.org
Thu Feb 25 03:21:56 EST 2016
https://hg.python.org/peps/rev/a24451715d84
changeset: 6245:a24451715d84
user: Nick Coghlan <ncoghlan at gmail.com>
date: Thu Feb 25 18:21:44 2016 +1000
summary:
PEP 493: clarify a security caveat
files:
pep-0493.txt | 17 +++++++++++++----
1 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/pep-0493.txt b/pep-0493.txt
--- a/pep-0493.txt
+++ b/pep-0493.txt
@@ -246,10 +246,19 @@
approach does introduce a new downgrade attack against the default security
settings that potentially allows a sufficiently determined attacker to revert
Python to the default behaviour used in CPython 2.7.8 and earlier releases.
-However, such an attack requires the ability to modify the execution
-environment of a Python process prior to the import of the ``ssl`` module,
-and any attacker with such access would already be able to modify the
-behaviour of the underlying OpenSSL implementation.
+
+This slight increase in the available attack surface is the main reason why:
+
+* security sensitive applications should still define their own SSL context
+* the migration features described in this PEP are not being added to Python 3
+
+However, it's also worth keeping in mind that carrying out such an attack
+requires the ability to modify the execution environment of a Python process
+prior to the import of the ``ssl`` module. In combination with the ability
+to write to any part of the filesystem (such as ``/tmp``), any attacker with
+such access would already be able to modify the behaviour of the underlying
+OpenSSL implementation, the dynamic library loader, and other potentially
+security sensitive components.
Interaction with Python virtual environments
--------------------------------------------
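Review bot: In the added paragraph beginning "However, it's also worth keeping in mind", the phrase "any attacker with such access" is ambiguous: it can be read as needing only the ability to modify the execution environment, while the sentence's opening clause makes the claim conditional on that ability combined with filesystem write access. Stating the precondition directly would remove the ambiguity, for example "an attacker who can both modify the process environment and write to the filesystem would already be able to ...". As a smaller style point, the two new bullets continue the sentence "is the main reason why:" but carry no terminal punctuation, and the first bullet would be more actionable if it pointed to where the PEP describes how an application defines its own SSL context.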
--
Repository URL: https://hg.python.org/peps