[proxy] web.archive.org — ← back | site home | direct (HTTPS) ↗ | proxy home | ◑ dark◐ light

Issue 41162: Clear audit hooks after destructors

The Wayback Machine - https://web.archive.org/web/20210410115618/https://bugs.python.org/issue41162

Issue41162

classification

Title:	Clear audit hooks after destructors
Type:	security	Stage:	patch review
Components:	Interpreter Core	Versions:	Python 3.10, Python 3.9, Python 3.8

process

Status:	open	Resolution:
Dependencies:		Superseder:
Assigned To:		Nosy List:	christian.heimes, frankli, steve.dower, zkonge
Priority:	normal	Keywords:	patch

Created on 2020-06-29 16:28 by steve.dower, last changed 2020-07-06 19:23 by steve.dower.

Files
File name	Uploaded	Description	Edit
clearaudithook.patch	zkonge, 2020-06-29 18:09

Pull Requests
URL	Status	Linked	Edit
PR 21222	merged	zkonge, 2020-06-29 19:45
PR 21302	merged	steve.dower, 2020-07-03 21:20
PR 21303	merged	steve.dower, 2020-07-03 22:05
PR 21304	merged	steve.dower, 2020-07-03 22:33

Messages (7)
msg372601 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-06-29 16:28
Because of when _Py_ClearAuditHooks is called during finalization, it is possible that __del__ destructors will be called after hooks have been cleared. Audit events that would be raised here are dropped. We should ensure these events are received by any known hooks for the interpreter (Python) or the runtime (C). (Thanks to Frank Li for the report.)
msg372610 - (view)	Author: JIanqiu Tao (zkonge) *	Date: 2020-06-29 18:09
Patch attached below works well, but with less functionality for users' audit hook. Pure Python audit hook implement looks safe enough. Should we need call _PySys_ClearAuditHooks earlier for more functionality?
msg372892 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-07-02 22:47
PR 21222 (with test updates) is a good fix, though we know there can still be arbitrary code executed afterwards. But it's not in a place where we can reliably hook. Probably the best thing to do is to make sure that events are raised for anything that would be required to add code there. Though that may not be feasible either, but since nobody should be doing that kind of thing deliberately, detection is just as valuable as prevention.
msg372958 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-07-03 21:06
New changeset daa0fe03a517d335d48e65ace8e5da636e265a8f by Konge in branch 'master': bpo-41162: Clear audit hooks later during finalization (GH-21222) https://github.com/python/cpython/commit/daa0fe03a517d335d48e65ace8e5da636e265a8f
msg372965 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-07-03 21:58
New changeset e1d4fdc53347617bea1aff0d7112471453f65003 by Steve Dower in branch '3.9': bpo-41162: Clear audit hooks later during finalization (GH-21222) https://github.com/python/cpython/commit/e1d4fdc53347617bea1aff0d7112471453f65003
msg372970 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-07-03 23:04
New changeset b9e288cc1bfd583e887f784e38d9c511b43c0c3a by Steve Dower in branch '3.8': bpo-41162: Clear audit hooks later during finalization (GH-21222) https://github.com/python/cpython/commit/b9e288cc1bfd583e887f784e38d9c511b43c0c3a
msg373158 - (view)	Author: Steve Dower (steve.dower) *	Date: 2020-07-06 19:23
Merged the initial fix, but we now need to find any exploitable paths that remain. Considering how late in finalization they now run, they're very unlikely to succeed at doing anything interesting. However, they'd also qualify as bugs (potentially crashes), so we'll want to find ways to make them run earlier anyway.

History
Date	User	Action	Args
2020-07-06 19:23:17	steve.dower	set	messages: + msg373158
2020-07-03 23:04:35	steve.dower	set	messages: + msg372970
2020-07-03 22:33:44	steve.dower	set	pull_requests: + pull_request20456
2020-07-03 22:05:47	steve.dower	set	pull_requests: + pull_request20452
2020-07-03 21:58:47	steve.dower	set	messages: + msg372965
2020-07-03 21:20:40	steve.dower	set	pull_requests: + pull_request20451
2020-07-03 21:06:52	steve.dower	set	messages: + msg372958
2020-07-02 22:47:13	steve.dower	set	messages: + msg372892
2020-07-02 10:23:52	frankli	set	nosy: + frankli
2020-06-29 19:45:27	zkonge	set	stage: needs patch -> patch review pull_requests: + pull_request20374
2020-06-29 18:09:40	zkonge	set	files: + clearaudithook.patch nosy: + zkonge messages: + msg372610 keywords: + patch
2020-06-29 16:28:11	steve.dower	create