[Python-Dev] PEP 594: Removing dead batteries from the standard library
Christian Heimes christian at python.org
Thu May 23 01:44:24 EDT 2019
- Previous message (by thread): [Python-Dev] PEP 594: Removing dead batteries from the standard library
- Next message (by thread): [Python-Dev] PEP 594: Removing dead batteries from the standard library
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 23/05/2019 02.58, Steven D'Aprano wrote:
> On Wed, May 22, 2019 at 01:31:18PM +0200, Christian Heimes wrote:
>> On 22/05/2019 12.19, Steven D'Aprano wrote:
>>> I don't think this PEP should become a document about "Why you should use PAM". I appreciate that from your perspective as a Red Hat security guy, you want everyone to use best practices as you see them, but it isn't Python's position to convince Linux distros or users to use PAM.
>> I think the PEP should make clear why spwd is bad and pining for The Fjords. The document should point users to correct alternatives. There is no correct and secure way to use the spwd module to verify user accounts. Any use of spwd for logins introduces critical security bugs.
> When you use absolute language about security without considering threat models, like "there is no ... way" and "Any use", you lose credibility in my eyes. I have a Linux desktop where I am the only user but not the only user account. If I use spwd, what vulnerability am I introducing? That's not a rhetorical question. If spwd does introduce a threat that isn't already there, then please educate me, I genuinely want to know.
I can give you more details once I have resolved some CVEs. The problem can result in full system compromise by a local or remote attacker without any trace in the system audit and security logs. Depending on other circumstances, the issue is CVSS HIGH to CRITICAL, perhaps up to CVSS score 9.9.
Christian