[Python-Dev] tainting (original) (raw)
Skip Montanaro skip@pobox.com
Wed, 8 Jan 2003 11:14:44 -0600
- Previous message: [Python-Dev] Re: Whither rexec?
- Next message: [Python-Dev] tainting
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
>> > Tainting -- tracking trusted status of objects
>>
>> This is clearly out of scope of rexec, and, IMO, not relevant for
>> untrusted code. Tainting is about processing untrusted data by
>> trusted code.
Kevin> I don't think it is so clearly out of the scope of the space of
Kevin> all possible restricted execution enviornments. Tainting (used
Kevin> in a fairly liberal sense) is one way to propogate the security
Kevin> status of objects without having to proxy them.
Can tainting be restricted to just strings and unicode objects or is it a facility which needs to be extended to all objects whose state could be affected by them? For example, if I execute:
s = raw_input("Enter a string here: ")
Clearly s would be tainted. Suppose I then executed:
t = int(s)
x.foo = s[4:]
Would t need to be tainted? I assume the object associated with x.foo would have to be since it is a string (actually, that would be a side effect of the slicing operation). Would the object associated with x itself have to be tainted?
How best to untaint an object? Perl untaints when the programmer extracts bits from a tainted string via regular expressions. That seems rather unPythonic. Should objects which can be tainted just have a writable 'taint' attribute?
Skip
- Previous message: [Python-Dev] Re: Whither rexec?
- Next message: [Python-Dev] tainting
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]