Feature Requests item #500698, was opened at 2002-01-08 03:48
Message generated for change (Comment added) made by jcrocholl
You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=355470&aid=500698&group_id=5470
Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Python Interpreter Core
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Peter Scott (sketerpot)
Assigned to: Nobody/Anonymous (nobody)
Summary: Taint a la Perl?

Initial Comment:
This might just add unnecessary bloat, but since Python is being used in CGI scripts, it can be used to narrow a security hole. One way of breaking security is for a naive programmer (don't try to deny their existence) to run an arbitrary command from the page viewer. Perl has developed an interesting mechanism for helping with this: taint. The way it works is, when something comes directly from the user, like a key in a form, it is considered to have taint unless specifically untainted. Things like os.exec() would create a warning message if you passed tainted strings to them. As I said, this might just add unnecessary bloat, but for an option that can be left out for most builds of Python I think it would be pretty nice.

----------------------------------------------------------------------

Comment By: Johann C. Rocholl (jcrocholl)
Date: 2007-02-05 22:55

Message:
Logged In: YES
user_id=656137
Originator: NO

I have come up with a class called SafeString which is the opposite of a tainted string. In my model, all strings are tainted by default, and you have to call untaint() to create a SafeString. Then I replace all functions in the os module with wrapper functions that check all parameters first and raise TaintError if any string is not safe. If I can figure out how to attach a file here, I will post it. Otherwise you may find it on comp.lang.python by the name of taint.py.

----------------------------------------------------------------------

Comment By: Peter Scott (sketerpot)
Date: 2003-02-14 18:21

Message:
Logged In: YES
user_id=252564

Thanks for the idea, phr.
I wrote a small class called TaintString, derived from string, that has a taint attribute. This is probably the least difficult part. The difficult part will be in modifying functions like os.system() to raise warnings or exceptions when tainted strings are passed to them. I'm currently thinking of making wrapper modules with names like taint.os, or taint.cgi, but the problem with this is that you have to manually use taint.* for certain functions. If anybody can think of something that can simplify this, please post it.

----------------------------------------------------------------------

Comment By: paul rubin (phr)
Date: 2003-02-14 05:47

Message:
Logged In: YES
user_id=72053

With new-style classes, maybe this can be done by subclassing string somehow. There would be a subclass for tainted strings and trying to do most things with them would raise an exception. With taint checking enabled, functions like os.getenv and cgi.FieldStorage would make objects containing tainted strings. You'd untaint them by passing them to re.search or re.match and pulling out the match variables, like in Perl.

----------------------------------------------------------------------

Comment By: Skip Montanaro (montanaro)
Date: 2003-01-03 02:25

Message:
Logged In: YES
user_id=44345

Took a while for a response to this feature request. ;-) Perl's heavy integration of regular expressions with its taint facility probably wouldn't work all that well in Python. For one, Python has more ways of searching strings than with regular expressions. Second, regular expressions are not nearly as tightly wound into Python as they are in Perl. I think you'd have to add a taint attribute to strings and just rely on the programmer to properly clear that attribute. I think a first cut at an implementation would go much further toward getting the concept seriously considered for addition to Python.
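The design sketched across the comments above (a str subclass carrying a taint attribute, wrapper functions around os.* sinks that raise TaintError, and clearing taint only by matching the value against a regular expression) as an added Python example. This is not code from the tracker and not the taint.py or TaintString that the commenters mention; the names TaintedStr, TaintError, untaint, guarded and read_form are assumed here, and the form values are constructed for the demonstration.

```python
import os
import re
from functools import wraps


class TaintError(Exception):
    """Raised when a tainted string reaches a guarded function."""


def is_tainted(obj):
    """Only TaintedStr carries a flag; plain str literals count as trusted."""
    return isinstance(obj, TaintedStr) and obj.tainted


class TaintedStr(str):
    """str subclass with a 'tainted' attribute (hypothetical name).

    Values built from user input are tainted by default; untaint() returns
    a copy with the flag cleared, in the spirit of jcrocholl's SafeString.
    """

    def __new__(cls, value, tainted=True):
        obj = super().__new__(cls, value)
        obj.tainted = tainted
        return obj

    # Plain str methods return an untracked str, so taint would silently
    # disappear on concatenation; propagate it through the common operations.
    def __add__(self, other):
        return TaintedStr(str.__add__(self, other), self.tainted or is_tainted(other))

    def __radd__(self, other):
        return TaintedStr(str.__add__(other, self), self.tainted or is_tainted(other))

    def strip(self, *args):
        return TaintedStr(str.strip(self, *args), self.tainted)

    def lower(self):
        return TaintedStr(str.lower(self), self.tainted)


def untaint(value, pattern):
    """Clear taint only if the whole value matches an allow-list regex.

    This is the re.match route phr describes; anything that does not match
    stays tainted and is reported rather than passed through.
    """
    if re.fullmatch(pattern, value) is None:
        raise TaintError("value %r does not match %r" % (str(value), pattern))
    return TaintedStr(value, tainted=False)


def guarded(func):
    """Wrap a sink so every argument is checked before the real call runs."""

    @wraps(func)
    def wrapper(*args, **kwargs):
        for arg in list(args) + list(kwargs.values()):
            if is_tainted(arg):
                raise TaintError("tainted string passed to %s: %r" % (func.__name__, str(arg)))
        return func(*args, **kwargs)

    return wrapper


# The wrapped sinks a taint.os-style module would export.
os_system = guarded(os.system)
os_listdir = guarded(os.listdir)


def read_form(fields):
    """Stand-in for cgi.FieldStorage: every value arrives tainted."""
    return {name: TaintedStr(value) for name, value in fields.items()}


# Constructed request; the second field carries shell metacharacters.
FORM = read_form({"user": "alice", "dir": "./docs; echo injected"})


def demo():
    """Walk the request through the sinks and report what the guards did."""
    results = {}
    cmd = "ls " + FORM["dir"]            # taint survives the concatenation
    results["cmd_tainted"] = is_tainted(cmd)
    try:
        os_system(cmd)                   # rejected before os.system runs
        results["blocked"] = False
    except TaintError:
        results["blocked"] = True
    user = untaint(FORM["user"], r"[a-z]+")
    results["user_safe"] = not is_tainted(user)
    try:
        untaint(FORM["dir"], r"[\w./-]+")  # ';' and spaces fail the allow-list
        results["dir_rejected"] = False
    except TaintError:
        results["dir_rejected"] = True
    here = untaint(TaintedStr("."), r"[\w./-]+")
    results["listing_ok"] = isinstance(os_listdir(here), list)
    return results


if __name__ == "__main__":
    print(demo())
```

The guard sits on the sink rather than on the string, which is what makes the wrapper-module approach work without touching every string operation: only os.* calls need to be imported from the wrapped module, and any value that has not passed through untaint() is refused at that boundary.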
----------------------------------------------------------------------

Comment By: Neal McBurnett (nealmcb)
Date: 2003-01-02 22:20

Message:
Logged In: YES
user_id=105956

I really like taint mode. I think this would make Python a better choice for CGI scripts. See http://www.perldoc.com/perl5.8.0/pod/perlsec.html and http://gunther.web66.com/FAQS/taintmode.html for more background.

----------------------------------------------------------------------

_______________________________________________
Python-bugs-list mailing list