Skip to content

[Deleted] #140451

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

[Deleted] #140451

wants to merge 3 commits into from
+800 −1

Conversation

iyehuda
Copy link

@iyehuda iyehuda commented Oct 22, 2025
edited
Loading

No description provided.

@iyehuda
Add security context with deserialization guard
5a3320e 
Introduces a context-aware taint tracking mechanism to protect against
arbitrary code execution during pickle deserialization.

Core mechanism:
- Added `security_ctx` struct to PyContext with deserialization_taint_counter
- New internal API to track deserialization state:
  * _PyContext_IncrementDeserializationTaint()
  * _PyContext_DecrementDeserializationTaint()
  * _PyContext_IsDeserializationTainted()

- Taint counter is incremented when entering pickle.loads() and decremented
  on exit (both success and error paths)
- Taint state propagates to new contexts created during deserialization

Design rationale:
Extends PyContext (thread context) as it's the existing mechanism for context
variables and is natively supported by higher-level concurrency models like
asyncio. Storing the security state in the C struct prevents malicious user
code from overriding or bypassing the protection.

Protection via audit hooks:
- When deserialization is active, blocks dangerous operations including:
  * System commands (os.system, subprocess.Popen)
  * Code execution (exec, compile)
  * File modifications and thread creation
  * Dynamic loading (ctypes) and network operations
@iyehuda
Refactor deserialization security checks and enhance test coverage
dfbfca5 
- Updated `test_os_system_allowed_outside_pickle` to use `os.system('true')` for better clarity.
- Improved handling of event loop policies in `test_taint_cleared_on_error` to ensure proper cleanup.
- Removed outdated tests for `exec` and `compile` blocking, as they are no longer blocked.
- Introduced a new `HARDEN_MODE` configuration to control the behavior of deserialization security checks, allowing for warnings or errors based on the mode set via the `PYTHONHARDENMODE` environment variable.
- Fix failing tests
@iyehuda
Add Docker support with Dockerfile and .dockerignore
9a75e64 
- Introduced a Dockerfile for building a Python environment based on Debian.
- Configured essential packages and optimizations for Python installation.
- Added a .dockerignore file to exclude unnecessary files and directories from the Docker context, improving build efficiency.
@iyehuda iyehuda requested a review from 1st1 as a code owner October 22, 2025 10:54
@bedevere-app
Copy link

bedevere-app bot commented Oct 22, 2025

Most changes to Python require a NEWS entry. Add one using the blurb_it web app or the blurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply the skip news label instead.

@python-cla-bot
Copy link

The following commit authors need to sign the Contributor License Agreement:

CLA not signed

@iyehuda iyehuda closed this Oct 22, 2025
@iyehuda iyehuda changed the title Add security context with deserialization guard [Deleted] Oct 22, 2025
@iyehuda iyehuda deleted the harden-deserialize branch October 22, 2025 10:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@1st1 1st1 Awaiting requested review from 1st1 1st1 is a code owner

Assignees

No one assigned

Labels

awaiting review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@iyehuda