[Python-Dev] Python jail: whitelist vs blacklist
tav tav at espians.com
Tue Feb 24 15:18:28 CET 2009
Hey Victor,
> Today it's clear that tav's jail is broken.
Forgive me as I'm sleep deprived, but no =)
> Many hackers proved how to break it. Fixing each hole is maybe not the good solution.
The aim of this challenge has been to:
- Validate the functions-based approach
- Verify if the proposed set of new attribute RESTRICTIONs are enough
As such, it has been important to ensure that we have as large an attack surface as possible.
And given how trivial it has been to fix the bugs, the functions-based approach seems to be holding up =)
And as for the attributes needing to be restricted, we've discovered that we need to restrict the f_* attributes of frameobject along with the initial type.__subclasses__, gi_code and gi_frame.
> A better approach would be to create a new world (namespace) from an empty namespace and then add our "secure" functions/types using strong validations (using a whitelist instead of a blacklist).
Sure -- you are absolutely right about using a whitelist approach.
safelite.py is just for the challenge... to demonstrate that the functions-based approach could possibly lead to securing the Python interpreter and to verify that we've restricted the necessary attributes.
Once the patch gets accepted, we can start creating a fresh world built up from an object capability base =)
> In CPython, we may use proxies on anything to check all operations.
>
>   jail  -- validations --> real world
>   jail <-- proxy objects -- real world
Ehm, I'd strongly discourage any approaches using proxies. The performance penalties will just be insane.
If you really want one though -- check out Zope proxy. It already implements this quite well and you can use it today! =)
-- love, tav
plex:espians/tav | tav at espians.com | +44 (0) 7809 569 369 http://tav.espians.com | http://twitter.com/tav | skype:tavespian
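
The whitelist-versus-blacklist point in this message, as an added example that is not part of the original post and is not code from safelite.py: a static attribute-name check written both ways, using the restricted attributes named in the message (f_*, type.__subclasses__, gi_code, gi_frame). The allowed names, the sample snippets and `later_added_attr` are constructed for illustration; the check shows only the default-allow versus default-deny difference and is not a sandbox.

```python
import ast

# Attribute names the message says needed restricting (f_* matched by prefix).
BLACKLIST = {"__subclasses__", "gi_code", "gi_frame"}
BLACKLIST_PREFIXES = ("f_",)

# Constructed allow-list: the only names and attributes jailed code may use.
ALLOWED_NAMES = {"len", "sorted", "data"}
ALLOWED_ATTRS = {"append", "upper"}


def blacklist_violations(source):
    """Default-allow: report only attribute names already known to be unsafe."""
    bad = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute):
            if node.attr in BLACKLIST or node.attr.startswith(BLACKLIST_PREFIXES):
                bad.append(node.attr)
    return sorted(bad)


def whitelist_violations(source):
    """Default-deny: report every name or attribute not explicitly allowed."""
    bad = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and node.attr not in ALLOWED_ATTRS:
            bad.append(node.attr)
        elif isinstance(node, ast.Name) and node.id not in ALLOWED_NAMES:
            bad.append(node.id)
    return sorted(bad)


# Constructed sample inputs.
BENIGN = "data.append(len(data))"
KNOWN = "g.gi_frame.f_back"          # uses attributes listed in the message
UNLISTED = "obj.later_added_attr"    # hypothetical attribute nobody listed

if __name__ == "__main__":
    for src in (BENIGN, KNOWN, UNLISTED):
        print(src)
        print("  blacklist:", blacklist_violations(src))
        print("  whitelist:", whitelist_violations(src))
```

The blacklist passes the third snippet because nobody has listed that attribute yet, while the whitelist rejects it without needing an update.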