[Security-sig] PEP 551: Security transparency in the Python runtime
Christian Heimes
christian at python.org
Fri Aug 25 14:05:02 EDT 2017
On 2017-08-24 19:13, Steve Dower wrote:
> Hi security-sig,
>
> Those of you who were at the PyCon US language summit this year (or who
> saw the coverage at https://lwn.net/Articles/723823/) may recall that I
> talked briefly about the ways Python is used by attackers to gain and/or
> retain access to systems on local networks.
[...]
> TODO - more hooks in ``_socket``, ``_ssl``, others?

Does it make sense to include mmap()? After all, mmap can be used to
execute arbitrary machine code in memory.

For the SSL module, what would you like to log? Server certs and
connection parameters (cipher suite)?

Christian