>> > Tainting -- tracking trusted status of objects
>>
>> This is clearly out of scope of rexec, and, IMO, not relevant for
>> untrusted code. Tainting is about processing untrusted data by
>> trusted code.
Kevin> I don't think it is so clearly out of the scope of the space of
Kevin> all possible restricted execution enviornments. Tainting (used
Kevin> in a fairly liberal sense) is one way to propogate the security
Kevin> status of objects without having to proxy them.
Can tainting be restricted to just strings and unicode objects or is it a
facility which needs to be extended to all objects whose state could be
affected by them? For example, if I execute:
s = raw_input("Enter a string here: ")
Clearly s would be tainted. Suppose I then executed:
t = int(s)
x.foo = s[4:]
Would t need to be tainted? I assume the object associated with x.foo would
have to be since it is a string (actually, that would be a side effect of
the slicing operation). Would the object associated with x itself have to
be tainted?
How best to untaint an object? Perl untaints when the programmer extracts
bits from a tainted string via regular expressions. That seems rather
unPythonic. Should objects which can be tainted just have a writable
'taint' attribute?
Skip
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4