[Python-Dev] Python and Security

Simon Cozens simon@netthink.co.uk
Mon, 21 Jan 2002 02:06:53 +0000


On Sun, Jan 20, 2002 at 05:38:59PM -0800, Aahz Maruch wrote:

More precisely, because Perl culture developed as a superset of shell scripts, it used to be all-too-common for Perl scripts to get their data by parsing the output of a Unix utility (instead of calling a library function directly). This necessarily spawned a subshell where malicious input could be a security problem.

Not so.

This is what taint is: Taint tells you where there's some shit you want to clean up.

If you ask the user for a filename to write to, taint tells you that you'd better check for leading slashes, double dots and the like before writing to it. If you're about to run an external program, taint tells you that you might not want to believe the user's idea of what $PATH ought to be. If you're getting a URL from somewhere, taint tells you that you should probably think twice before happily passing back file:///etc/shadow. And so on and so forth. None of these examples are about input to a subshell.

I'm not in a position to say whether or not Python needs taint; if it had it, I probably wouldn't use the feature. But let's not misunderstand what it's for.

--
Thermodynamics in a nutshell:
1st Law: You can't win. (Energy is conserved)
2nd Law: You can't break even. (Entropy)
0th Law: You can't even quit the game. (Closed systems)
-- Taki Kogoma
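Taint as described in the message above, sketched in Python as an added example (not code from the thread or from Perl): data from outside the program is wrapped in a `Tainted` str, sinks refuse it, and laundering functions apply the checks listed (leading slashes and double dots in a filename, relative entries in $PATH, non-web URL schemes such as file://). The `Tainted` class, the function names and the base directory are assumptions.

```python
import os
import posixpath
from urllib.parse import urlsplit

class Tainted(str):
    """A string that came from outside the program (argv, environ, CGI input)."""

class TaintError(ValueError):
    pass

def require_untainted(value, what: str):
    """Sinks (open-for-write, exec, fetch) call this first, as Perl's taint
    mode refuses tainted data in such operations until it is laundered."""
    if isinstance(value, Tainted):
        raise TaintError(f"{what} is tainted: {value!r}")
    return value

def untaint_filename(name: str, base: str = "/var/app/uploads") -> str:
    """Launder a user-supplied filename: no leading slash, no '..' segment,
    no NUL, and the result must stay under base. Returns a plain str."""
    if name.startswith("/") or ".." in name.split("/") or "\0" in name:
        raise TaintError(f"unsafe filename {name!r}")
    full = posixpath.normpath(posixpath.join(base, name))
    if not full.startswith(base + "/"):
        raise TaintError(f"{name!r} escapes {base}")
    return str(full)  # str() drops the Tainted subclass

def untaint_path(env: dict, safe_path: str = "/usr/bin:/bin") -> dict:
    """Before running an external program, don't believe the caller's idea
    of $PATH: any relative or empty entry gets the whole value replaced."""
    path = env.get("PATH", "")
    if any(not entry.startswith("/") for entry in path.split(os.pathsep)):
        return {**env, "PATH": safe_path}
    return {**env, "PATH": str(path)}

def untaint_url(url: str, allowed=("http", "https")) -> str:
    """Only web schemes may be fetched on the user's behalf, so a request
    for file:///etc/shadow is refused rather than passed back."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in allowed:
        raise TaintError(f"refusing scheme {scheme!r} in {url!r}")
    return str(url)
```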