Issue37363
Created on 2019-06-21 15:42 by steve.dower, last changed 2022-04-11 14:59 by admin.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 14301 | merged | steve.dower, 2019-06-21 23:13 | |
| PR 14345 | merged | miss-islington, 2019-06-24 15:43 | |
| PR 14524 | merged | steve.dower, 2019-07-01 17:34 | |
| PR 14536 | merged | miss-islington, 2019-07-01 23:04 | |
| PR 14663 | merged | christian.heimes, 2019-07-09 10:32 | |
| PR 16046 | merged | miss-islington, 2019-09-12 13:13 | |
| PR 21321 | merged | gousaiyang, 2020-07-04 22:13 | |
| Messages (15) | |||
|---|---|---|---|
| msg346229 - (view) | Author: Steve Dower (steve.dower) * | Date: 2019-06-21 15:42 | |
We should also (see whether we should) add audit hooks for the following modules: * configparser * crypt * ensurepip * ftplib * glob * http * imaplib * nntplib * pdb * poplib * runpy * shutil * smtpd * smtplib * socketserver * sqlite3 * telnetlib * webbrowser * xmlrpc All of these seem likely to have interesting events (specifically, they can all be misused in scenarios where the impact would not be obvious without extra information). |
|||
| msg346301 - (view) | Author: Steve Dower (steve.dower) * | Date: 2019-06-22 21:35 | |
PR 14301 has at least a few hooks for most of the modules above. I think xmlrpc deserves some, but it is not as immediately obvious where to put them as for the other modules. smtpd also still needs looking at. |
|||
| msg346367 - (view) | Author: Christian Heimes (christian.heimes) * | Date: 2019-06-24 10:47 | |
I'll add hooks to ssl module for wrap_socket and wrap_bio. |
|||
| msg346416 - (view) | Author: Steve Dower (steve.dower) * | Date: 2019-06-24 15:42 | |
New changeset 60419a7e96577cf783b3b45bf3984f9fb0d7ddff by Steve Dower in branch 'master': bpo-37363: Add audit events for a range of modules (GH-14301) https://github.com/python/cpython/commit/60419a7e96577cf783b3b45bf3984f9fb0d7ddff |
|||
| msg346418 - (view) | Author: miss-islington (miss-islington) | Date: 2019-06-24 16:09 | |
New changeset 8763d43a9558b345af6a3a298afa18e7d3b42fd0 by Miss Islington (bot) in branch '3.8': bpo-37363: Add audit events for a range of modules (GH-14301) https://github.com/python/cpython/commit/8763d43a9558b345af6a3a298afa18e7d3b42fd0 |
|||
| msg346419 - (view) | Author: Steve Dower (steve.dower) * | Date: 2019-06-24 16:27 | |
FWIW, I tried looking into how we can prevent or detect monkeypatching of "sys.audit", and the answer seems to be that we need to define a custom type for the sys module and for sys.__dict__. I'm not prepared to do that yet, and IMHO there are enough way to detect someone patching it to nothing (all your logs disappear) or patching it more cleverly (someone ran some pretty complex code to redefine it) and events from native code can't be suppressed either, so I think it's fine. But I won't refuse a contribution if someone thinks this is a critical scenario (though I will push hard to make sure the implementation is solid, as I think this is pretty hard to get right). |
|||
| msg347085 - (view) | Author: Steve Dower (steve.dower) * | Date: 2019-07-01 23:03 | |
New changeset e226e83d36dfc7220d836fb7a249ce18e70cb4a6 by Steve Dower in branch 'master': bpo-37363: Add audit events on startup for the run commands (GH-14524) https://github.com/python/cpython/commit/e226e83d36dfc7220d836fb7a249ce18e70cb4a6 |
|||
| msg347088 - (view) | Author: miss-islington (miss-islington) | Date: 2019-07-01 23:22 | |
New changeset 746992c1ae4c632220563d3fe54123498f93db1d by Miss Islington (bot) in branch '3.8': bpo-37363: Add audit events on startup for the run commands (GH-14524) https://github.com/python/cpython/commit/746992c1ae4c632220563d3fe54123498f93db1d |
|||
| msg347093 - (view) | Author: Steve Dower (steve.dower) * | Date: 2019-07-01 23:43 | |
All that's left here right now is some xmlrpc events, unless we can think of any more stdlib modules that should have them? |
|||
| msg352154 - (view) | Author: miss-islington (miss-islington) | Date: 2019-09-12 13:13 | |
New changeset ed4b3216e59df4806e5ef63b3357fc577a9443d7 by Miss Islington (bot) (Christian Heimes) in branch 'master': bpo-37363: Document internal audit events (GH-14663) https://github.com/python/cpython/commit/ed4b3216e59df4806e5ef63b3357fc577a9443d7 |
|||
| msg352156 - (view) | Author: miss-islington (miss-islington) | Date: 2019-09-12 13:20 | |
New changeset 2f01cf61874aa42eeb9999e49d51d4881792d9c4 by Miss Islington (bot) in branch '3.8': bpo-37363: Document internal audit events (GH-14663) https://github.com/python/cpython/commit/2f01cf61874aa42eeb9999e49d51d4881792d9c4 |
|||
| msg352157 - (view) | Author: Stéphane Wirtel (matrixise) * | Date: 2019-09-12 13:21 | |
@Christian, I have merged your PR for the audit events, but I have not closed this issue, I suppose there will be other PRs for this issue. |
|||
| msg373074 - (view) | Author: Stéphane Wirtel (matrixise) * | Date: 2020-07-06 08:00 | |
Hi @Christian, When you have time for my last question. Thank you, |
|||
| msg391675 - (view) | Author: Stéphane Wirtel (matrixise) * | Date: 2021-04-23 10:19 | |
New changeset 927b841c215a1ca36c9b3203eadc67ce05b1ed07 by Saiyang Gou in branch 'master': bpo-37363: Add audit events to the `http.client` module (GH-21321) https://github.com/python/cpython/commit/927b841c215a1ca36c9b3203eadc67ce05b1ed07 |
|||
| msg391676 - (view) | Author: Stéphane Wirtel (matrixise) * | Date: 2021-04-23 10:21 | |
the http module is covered by the audit events |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:17 | admin | set | github: 81544 |
| 2021-04-23 10:21:35 | matrixise | set | messages: + msg391676 |
| 2021-04-23 10:19:27 | matrixise | set | messages: + msg391675 |
| 2021-04-23 09:31:23 | matrixise | set | versions: + Python 3.10, - Python 3.8, Python 3.9 |
| 2020-07-06 08:00:42 | matrixise | set | messages: + msg373074 |
| 2020-07-04 22:13:10 | gousaiyang | set | nosy:
+ gousaiyang pull_requests: + pull_request20472 |
| 2019-09-12 13:21:38 | matrixise | set | nosy:
+ matrixise messages: + msg352157 |
| 2019-09-12 13:20:28 | miss-islington | set | messages: + msg352156 |
| 2019-09-12 13:13:16 | miss-islington | set | pull_requests: + pull_request15668 |
| 2019-09-12 13:13:04 | miss-islington | set | messages: + msg352154 |
| 2019-07-09 10:32:43 | christian.heimes | set | pull_requests: + pull_request14471 |
| 2019-07-01 23:43:03 | steve.dower | set | messages: + msg347093 |
| 2019-07-01 23:22:32 | miss-islington | set | messages: + msg347088 |
| 2019-07-01 23:04:05 | miss-islington | set | pull_requests: + pull_request14349 |
| 2019-07-01 23:03:58 | steve.dower | set | messages: + msg347085 |
| 2019-07-01 17:34:51 | steve.dower | set | pull_requests: + pull_request14337 |
| 2019-06-24 16:27:43 | steve.dower | set | messages: + msg346419 |
| 2019-06-24 16:09:53 | miss-islington | set | nosy:
+ miss-islington messages: + msg346418 |
| 2019-06-24 15:43:08 | miss-islington | set | pull_requests: + pull_request14165 |
| 2019-06-24 15:42:59 | steve.dower | set | messages: + msg346416 |
| 2019-06-24 10:47:34 | christian.heimes | set | messages: + msg346367 |
| 2019-06-22 21:35:27 | steve.dower | set | messages: + msg346301 |
| 2019-06-21 23:13:06 | steve.dower | set | keywords:
+ patch stage: needs patch -> patch review pull_requests: + pull_request14125 |
| 2019-06-21 15:42:29 | steve.dower | create | |