[Python-Dev] Python jail: whitelist vs blacklist

Victor Stinner victor.stinner at haypocalc.com
Tue Feb 24 13:50:40 CET 2009


Hi,

Today it's clear that tav's jail is broken. Many hackers proved how to break it. Fixing each hole is maybe not the right solution.

IMHO the problem is that tav chose the blacklist approach: hide some "evil" attributes/functions and hope that the others are safe... which is wrong (e.g. evil compile(), reload(), isinstance(), str !!!, TypeError, ...).

A better approach would be to create a new world (namespace) from an empty namespace and then add our "secure" functions/types using strong validations (using a whitelist instead of a blacklist).

Examples:

We should build an empty world and then add functions, types, attributes one by one until we can display a hello world ;-)

--

This approach was implemented in PyPy using two interpreters.

In CPython, we may use proxies on anything to check all operations.

jail -- validations --> real world
jail <-- proxy objects -- real world

tav's jail might be converted to the whitelist approach:

My approach is maybe naive and impossible to implement :-)

-- Victor Stinner aka haypo http://www.haypocalc.com/blog/
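The contrast the post draws, as an added example that is not part of the original message and not tav's or Victor's code. It builds a blacklist world (all builtins minus a few "evil" names) and a whitelist world (an empty `__builtins__` dict filled one name at a time until `len('hello world')` runs), then shows that a well-known CPython introspection chain starting from a tuple literal reaches `object.__subclasses__()` in both worlds, because literals hand the jail real objects without going through any namespace. The `validate()` pass over the AST is my own stand-in for the "strong validations" at the jail/real-world boundary, not a proposal from the post; the names `blacklist_world`, `whitelist_world`, `ALLOWED_ATTRS`, `ESCAPE` and `JailError` are mine. This is an illustration of the two approaches, not a sandbox.

```python
"""Blacklist vs whitelist jail namespaces: added illustration, not a sandbox."""
import ast
import builtins

# Blacklist style: start from every builtin and hide a handful of "evil" names.
# (Hypothetical list chosen for the illustration.)
EVIL = {"compile", "eval", "exec", "open", "__import__", "getattr", "globals", "vars"}


def blacklist_world():
    """Namespace that still carries everything not explicitly hidden."""
    names = {n: getattr(builtins, n) for n in dir(builtins)
             if n not in EVIL and not n.startswith("_")}
    return {"__builtins__": names}


def whitelist_world(*allowed):
    """Namespace that starts empty; only the named builtins are added."""
    return {"__builtins__": {n: getattr(builtins, n) for n in allowed}}


# Attribute names the jailed code may touch. Everything else, dunders included,
# is rejected before evaluation. (Hypothetical list chosen for the illustration.)
ALLOWED_ATTRS = {"upper", "lower", "append", "keys", "items"}


class JailError(Exception):
    """Raised when source fails the pre-evaluation validation."""


def validate(src):
    """Reject source that reads any attribute outside ALLOWED_ATTRS."""
    for node in ast.walk(ast.parse(src, mode="eval")):
        if isinstance(node, ast.Attribute) and node.attr not in ALLOWED_ATTRS:
            raise JailError(f"attribute {node.attr!r} is not whitelisted")


def run(src, world, check=False):
    """Evaluate src inside world; return the value or the exception class name."""
    try:
        if check:
            validate(src)
        return eval(src, dict(world))
    except Exception as exc:
        return type(exc).__name__


# Well-known CPython introspection chain: a tuple literal -> tuple -> object ->
# every loaded subclass. It needs no builtin name at all, so hiding names does
# not stop it; only a check on the attribute access itself does.
ESCAPE = "().__class__.__base__.__subclasses__()"

if __name__ == "__main__":
    print(run("len('hello world')", whitelist_world()))        # NameError
    print(run("len('hello world')", whitelist_world("len")))   # 11
    print(type(run(ESCAPE, blacklist_world())).__name__)       # list
    print(type(run(ESCAPE, whitelist_world())).__name__)       # list
    print(run(ESCAPE, whitelist_world(), check=True))          # JailError
```

The empty-world results are the point of the exercise: whitelisting names decides what the jail can look up, but objects that reach the jail as literals (or as return values) bring their full attribute surface with them, which is why the post singles out `str` and why validation has to sit on the operations, not just on the namespace.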


