[Python-Dev] tainting (original) (raw)

Skip Montanaro skip@pobox.com
Wed, 8 Jan 2003 11:14:44 -0600

• Previous message: [Python-Dev] Re: Whither rexec?
• Next message: [Python-Dev] tainting
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>> >   Tainting                   -- tracking trusted status of objects
>> 
>> This is clearly out of scope of rexec, and, IMO, not relevant for
>> untrusted code. Tainting is about processing untrusted data by
>> trusted code.

Kevin> I don't think it is so clearly out of the scope of the space of
Kevin> all possible restricted execution enviornments.  Tainting (used
Kevin> in a fairly liberal sense) is one way to propogate the security
Kevin> status of objects without having to proxy them.

Can tainting be restricted to just strings and unicode objects or is it a facility which needs to be extended to all objects whose state could be affected by them? For example, if I execute:

s = raw_input("Enter a string here: ")

Clearly s would be tainted. Suppose I then executed:

t = int(s)
x.foo = s[4:]

Would t need to be tainted? I assume the object associated with x.foo would have to be since it is a string (actually, that would be a side effect of the slicing operation). Would the object associated with x itself have to be tainted?

How best to untaint an object? Perl untaints when the programmer extracts bits from a tainted string via regular expressions. That seems rather unPythonic. Should objects which can be tainted just have a writable 'taint' attribute?

Skip

• Previous message: [Python-Dev] Re: Whither rexec?
• Next message: [Python-Dev] tainting
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]