Issue 1546203: bcannon secure branch issues (original) (raw)

Referring to http://svn.python.org/view/python/ branches/bcannon-sandboxing/ securing_python.txt?view=markup but there doesn't seem to be a group/category for feedback on branches.

The sys module should not be shared between interpreters, even though it is an extension module.
(If need be, each sys module can be a proxy that itself imports from the "real" sys.) sys should probably also be filled explicitly on creation, like builtins. (And the same for os, os.path?)

Note that this will affect which sys.attributes should be available (perhaps read-only) or hidden by default -

• and that should really only be by default.

For specific examples:

• some programs modify sys.argv to communicated between modules. So long as the initial value of sys.argv is set to something sufficiently discreet, there should be no problem letting them continue to do so.
• The current draft hides sys.subversion (revealing unpatched bugs?) but shows sys.version (which reveals the same information, at a coarser grain).
• getdefaultencoding may compromise privacy information, particularly for smaller languages.