$30 off During Our Annual Pro Sale. View Details »

EuroPython 2019: Auditing hooks and security transparency for CPython

Christian Heimes
July 10, 2019
Programming
2
280

EuroPython 2019: Auditing hooks and security transparency for CPython

https://ep2019.europython.eu/talks/8MGqsQG-auditing-hooks-and-security-transparency-for-cpython/

https://github.com/zooba/spython

Auditing hooks and security transparency for CPython
An introduction to PEPs 578 and 551 from the author and the BDFL delegate
Christian Heimes, Steve Dower

The Python Enhancement Proposal 551 describes the concept of security transparency for the CPython runtime environment. The PEP lists planned actions to detect anomalous or malicious use of Python and potentially prevent some abuse cases. The general idea is to make Python less useful for advanced persistent threats (APT). Python 3.8 will come with an implementation of PEP 578, auditing hooks and verified open call for reading code from files.

In this talk, we will explain our motivation for the PEPs, why the PEPs are important for the future of Python, scope, and limitations. We will give examples, how auditing hooks and the verified open hook can be tight into Linux's and Windows' security frameworks to detect and potentially prevent abuse.

The goal of the talk is not to present a ready-to-use security enhancement for CPython, but to declare the intent of the enhancements and start a discussion about a secure "spython" interpreter. We as a community must ensure Python's usefulness for developers, but at the same time make it no-good for malicious purposes.

Christian Heimes

July 10, 2019
Tweet

More Decks by Christian Heimes

See All by Christian Heimes
Language Summit 2022: WebAssembly: Python in the browser and beyond
tiran
2
690
Python 3.11 in the web browser – A journey (PyCon DE 2022 Keynote)
tiran
5
4.7k
PyCon LT 2021 Keynote: Ask a core developer anything
tiran
0
43
Nest with Fedora: An Introduction to the FAS Replacement
tiran
0
110
ConFoo 2020: systemd for developers and devops
tiran
1
460
PyCon BY 2020: Introduction to low-level profiling and tracing
tiran
0
83
Hamburg Python Pizza 2019: ssl module 10
tiran
0
100
DevConf.IN 2019: First steps into security engineering
tiran
0
78
EuroPython 2019: Introduction to low-level profiling and tracing
tiran
1
240

Other Decks in Programming

See All in Programming
[Helvetic Ruby 2023] Profiling Ruby tests with Swiss precision
palkan
0
260
B2B SaaSでSpringSecurityによる Roleを用いたユーザー権限設定の 実装について
rakus_dev
1
170
Open Source - A Journey of Contribution and Collaboration
ivargrimstad
0
290
DartによるBFF構築・運用 〜 Dart Frog × Melos 〜
yumnumm
1
1.1k
エンジニア秘書が通訳する異文化コミュニケーションのあれこれ / engineer-communication
assu_ming
0
110
エンジニアだけでスポンサーブースを出したら大変なことになった
zakky21
1
330
Findy - エンジニア向け会社紹介 / Findy Letter for Engineers
findyinc
2
58k
10年モノのAndroidアプリのコード品質を改善していく、3つの取り組み
okuzawats
0
590
Data-centric視点で過去コンペを振り返る
inoichan
1
430
バイナリビューアを使ってクラスファイルを読んでみよう! #jjug_ccc
yujisoftware
1
270
集団意思決定の落とし穴と誰も望まない技術的負債
h0r15h0
0
1.6k
Introducing Kotlin Multiplatform in an existing mobile app - Workshop Edition | DevFest Berlin 23
prof18
0
190

Featured

See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
1
870
Java REST API Framework Comparison - PWX 2021
mraible
PRO
18
6.4k
Rails Girls Zürich Keynote
gr2m
90
12k
How to train your dragon (web standard)
notwaldorf
71
4.8k
[RailsConf 2023] Rails as a piece of cake
palkan
16
3.1k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
33
8.6k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
5
730
The Illustrated Children's Guide to Kubernetes
chrisshort
26
45k
How New CSS Is Changing Everything About Graphic Design on the Web
jensimmons
215
12k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.7k
Principles of Awesome APIs and How to Build Them.
keavy
119
16k
What's new in Ruby 2.0
geeforr
336
30k

Transcript

  1. Auditing hooks and security
    transparency for CPython
    Steve Dower, Christian Heimes
    EuroPython 2019, Basel, Switzerland

    View Slide

  2. Auditing Hooks and Security Transparency for Python
    Why is SkelSec so sad?
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 2

    View Slide

  3. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 4

    View Slide

  4. Auditing Hooks and Security Transparency for Python
    We made SkelSec sad…
    and that should make you all happy
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 5

    View Slide

  5. Auditing Hooks and Security Transparency for Python
    Who are we?
    Steve Dower
    • CPython core developer
    • Author of PEP 578
    • @zooba
    • (Also works at Microsoft)
    Christian Heimes
    • CPython core developer
    • BDFL delegate for PEP 578
    • @christianheimes
    • (Also works at Red Hat)
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 6

    View Slide

  6. Auditing Hooks and Security Transparency for Python
    Today’s Agenda
    • What are audit hooks, and why would I use them?
    • Using audit hooks to improve security
    • Integration on Windows-based systems
    • Integration on Linux-based systems
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 7

    View Slide

  7. Auditing Hooks and Security Transparency for Python
    Runtime Audit Hooks (PEP 578)
    • One piece of a complete security solution
    • Provides low-level insight into runtime behaviour
    • Opening files
    • Connecting sockets
    • Compiling strings
    • By default, does nothing!
    • Designed for security engineers to plug into
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 8

    View Slide

  8. Auditing Hooks and Security Transparency for Python
    Python Security Engineer Checklist
    Install security updates
    Limit user accounts
    Install security updates!
    Use a firewall
    Install security updates!!
    Restrict package installation
    Install security updates!!!
    Think about maybe, possibly, using some Python audit hooks
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 9

    View Slide

  9. Auditing Hooks and Security Transparency for Python
    Listening to audit hooks
    int hook(
    const char *event,
    PyObject *args,
    void *userData
    ) {
    printf("Saw %s\n", event);
    return 0;
    }
    PySys_AddAuditHook(hook, userData);
    import sys
    def hook(event, args):
    print("Saw", event)
    sys.addaudithook(hook)
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 10

    View Slide

  10. Auditing Hooks and Security Transparency for Python
    Listening to audit hooks
    C - PySys_AddAuditHook()
    Pros:
    • Faster
    • Hard to bypass
    Cons:
    • More complex
    • Requires custom Python
    Python - sys.addaudithook()
    Pros:
    • Easy
    • Convenient
    Cons:
    • Per-subinterpreter
    • Slow
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 11

    View Slide

  11. Auditing Hooks and Security Transparency for Python
    What events should you expect?
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 12
    docs.python.org/3.8/library/audit_events.html
    builtins.input
    exec
    import
    glob.glob
    open
    socket.__new__
    os.system
    compile

    View Slide

  12. Auditing Hooks and Security Transparency for Python
    What to do with an event?
    • Nothing
    • Log it
    • Abort it
    • Abort everything!
    Correct answer: log it
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 13

    View Slide

  13. Auditing Hooks and Security Transparency for Python
    If a tree falls in a forest… has it been logged?
    When an intruder is trying to get in, or is already in, you need to know
    Logging allows:
    • Retrospective analysis
    • Anomaly detection
    • Incident response
    Premature log filtering cripples your defence. Log everything.
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 14

    View Slide

  14. Auditing Hooks and Security Transparency for Python
    Creating audit events
    PySys_Audit("module.event",
    "isO", a, b, c);
    import sys
    sys.audit("module.event",
    a, b, c)
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 15
    Tips:
    • Prefer C call (PySys_Audit) when possible
    • Prefix with your module (import) name
    • Audit after validation, before execution

    View Slide

  15. Auditing Hooks and Security Transparency for Python
    The io.open_code() function
    • Code ≠ Data
    • Your OS kernel already does this for binaries, but not via open()
    import io
    io.open_code("file.py")
    Same as open(…, "rb") but can be hooked in C
    PyFile_SetOpenCodeHook(callback, user_data);
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 16

    View Slide

  16. Auditing Hooks and Security Transparency for Python
    Why would you hook io.open_code()?
    • Validate file attributes
    • Validate file contents
    • Exclusive file access
    • Return BytesIO instead of real file object
    Careful implementation required:
    • Cannot recurse (via PyImport_ImportModule)
    • Callers assume they’ll get a regular file object
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 18

    View Slide

  17. Auditing Hooks and Security Transparency for Python
    What else do you need to do?
    • Handle audit events
    • compile, exec – loading code not from files
    • open – loading other unexpected files
    • Disable launch options (in audit hook)
    • -c "…" – code in arguments
    • … | python3 – code from other shell commands
    • Force -E – ignore environment variables
    • Use good access control rules
    • $TEMPDIR / %TEMP%
    • $HOME / %USERPROFILE%
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 20

    View Slide

  18. Auditing Hooks and Security Transparency for Python
    Integrating with Windows
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 21

    View Slide

  19. Auditing Hooks and Security Transparency for Python
    Integrating with Windows
    • Windows Event Log
    • Catalog Signing
    • Windows Defender Application Control
    github.com/zooba/spython
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 22
    github.com/zooba/spython

    View Slide

  20. Auditing Hooks and Security Transparency for Python
    Windows Event Log
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 23
    github.com/zooba/spython

    View Slide

  21. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 24
    github.com/zooba/spython

    View Slide

  22. Auditing Hooks and Security Transparency for Python
    Windows Event Log features
    • Event Log viewer
    • Event forwarding
    • Protected Event Logging
    • Clearing/modifying logs adds a new event
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 25
    github.com/zooba/spython

    View Slide

  23. Auditing Hooks and Security Transparency for Python
    static int
    hook_compile(const char *event, PyObject *args)
    {
    PyObject *code, *filename;
    const char *u8code = NULL, *u8filename = NULL;
    if (!EventEnabledIMPORT_COMPILE()) {
    return 0;
    }
    if (!PyArg_ParseTuple(args, "OO", &code, &filename)) {
    return -1;
    }
    u8code = PyUnicode_AsUTF8(code);
    u8filename = PyUnicode_AsUTF8(filename);
    EventWriteIMPORT_COMPILE(u8code, u8filename);
    return 0;
    }
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 26
    github.com/zooba/spython

    View Slide

  24. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 28
    github.com/zooba/spython

    View Slide

  25. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 29
    github.com/zooba/spython

    View Slide

  26. Auditing Hooks and Security Transparency for Python
    Signed Catalog Files
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 30
    github.com/zooba/spython

    View Slide

  27. Auditing Hooks and Security Transparency for Python
    Code Signing
    • Typical white-listing approach
    • Attaches a signed hash of the file to the file
    • Catalog signing signs a set of files
    • We can’t sign .py files, so we use .cat
    • Standard Python installers include a catalog file for all non-binaries
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 31
    github.com/zooba/spython

    View Slide

  28. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 32
    github.com/zooba/spython

    View Slide

  29. Auditing Hooks and Security Transparency for Python
    static int
    verify_trust(HANDLE hFile)
    {
    static const GUID action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    BYTE hash[256];
    wchar_t memberTag[256];
    WINTRUST_CATALOG_INFO wci = {
    .cbStruct = sizeof(WINTRUST_CATALOG_INFO),
    .hMemberFile = hFile,
    .pbCalculatedFileHash = hash,
    .cbCalculatedFileHash = sizeof(hash),
    .pcwszCatalogFilePath = wszCatalog,
    .pcwszMemberTag = memberTag,
    };
    WINTRUST_DATA wd = {
    .cbStruct = sizeof(WINTRUST_DATA),
    .dwUIChoice = WTD_UI_NONE,
    .fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN,
    .dwUnionChoice = WTD_CHOICE_CATALOG,
    .pCatalog = &wci
    };
    if (!CryptCATAdminCalcHashFromFileHandle(
    hFile, &wci.cbCalculatedFileHash, hash, 0)) {
    return -1;
    }
    for (DWORD i = 0; i < wci.cbCalculatedFileHash; ++i) {
    swprintf(&memberTag[i*2], 3, L"%02X", hash[i]);
    }
    HRESULT hr = WinVerifyTrust(NULL, (LPGUID)&action, &wd);
    if (FAILED(hr)) {
    PyErr_SetExcFromWindowsErr(PyExc_OSError);
    return -1;
    }
    return 0;
    }
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 33
    github.com/zooba/spython

    View Slide

  30. Auditing Hooks and Security Transparency for Python
    static int
    verify_trust(HANDLE hFile)
    {
    static const GUID action = WINTRUST_ACTION_GENERIC_VERIFY_V2;
    BYTE hash[256];
    wchar_t memberTag[256];
    WINTRUST_CATALOG_INFO wci = {
    .cbStruct = sizeof(WINTRUST_CATALOG_INFO),
    .hMemberFile = hFile,
    .pbCalculatedFileHash = hash,
    .cbCalculatedFileHash = sizeof(hash),
    .pcwszCatalogFilePath = wszCatalog,
    .pcwszMemberTag = memberTag,
    };
    WINTRUST_DATA wd = {
    .cbStruct = sizeof(WINTRUST_DATA),
    .dwUIChoice = WTD_UI_NONE,
    .fdwRevocationChecks = WTD_REVOKE_WHOLECHAIN,
    .dwUnionChoice = WTD_CHOICE_CATALOG,
    .pCatalog = &wci
    };
    if (!CryptCATAdminCalcHashFromFileHandle(
    hFile, &wci.cbCalculatedFileHash, hash, 0)) {
    return -1;
    }
    for (DWORD i = 0; i < wci.cbCalculatedFileHash; ++i) {
    swprintf(&memberTag[i*2], 3, L"%02X", hash[i]);
    }
    HRESULT hr = WinVerifyTrust(NULL, &action, &wd);
    if (FAILED(hr)) {
    PyErr_SetExcFromWindowsErr(PyExc_OSError);
    return -1;
    }
    return 0;
    }
    WinVerifyTrust(NULL, &action, &wd)
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 34
    github.com/zooba/spython

    View Slide

  31. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 35
    github.com/zooba/spython

    View Slide

  32. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 36
    github.com/zooba/spython

    View Slide

  33. Auditing Hooks and Security Transparency for Python
    Windows Defender
    Application Control
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 37
    github.com/zooba/spython

    View Slide

  34. Auditing Hooks and Security Transparency for Python
    Windows Defender Application Control
    • Kernel enforced, configurable policy for allow/denying applications
    • Use signatures, catalogs, file names, paths, etc.
    • Integrated with event logging and detectors
    • Good feedback for users
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 38
    github.com/zooba/spython

    View Slide

  35. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 39
    github.com/zooba/spython

    View Slide

  36. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 40
    github.com/zooba/spython

    View Slide

  37. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 41
    github.com/zooba/spython

    View Slide

  38. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 42
    github.com/zooba/spython

    View Slide

  39. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 44
    github.com/zooba/spython

    View Slide

  40. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 45
    github.com/zooba/spython

    View Slide

  41. Auditing Hooks and Security Transparency for Python
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 46
    github.com/zooba/spython

    View Slide

  42. Auditing Hooks and Security Transparency for Python
    Integrating with Linux
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 47

    View Slide

  43. Auditing Hooks and Security Transparency for Python
    Integrating with Linux
    • DTrace / SystemTap
    • SysLog
    • io.open_code()
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 48

    View Slide

  44. Auditing Hooks and Security Transparency for Python
    Prerequisites
    • Install security updates
    • Run as unprivileged user or drop capabilities (container)
    • Restrict write access
    • Enforce security policy: AppArmor, SELinux, TOMOYO
    • Configure system and central logging: syslog, rsyslog, journald
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 49

    View Slide

  45. Auditing Hooks and Security Transparency for Python
    DTrace / SystemTap instrumentation
    # audit(str event, void *tuple)
    probe process("/usr/lib64/libpython3.8.*").mark("audit") {
    printf("%s\n", user_string($arg1))
    }
    $ sudo stap audit.stp -c "python3.8 -c pass"
    ...
    cpython.run_command
    compile
    exec
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 50
    More on DTrace and SystemTap tomorrow at 10:30am from Christian

    View Slide

  46. Auditing Hooks and Security Transparency for Python
    Logging
    openlog(NULL, LOG_CONS|LOG_PERROR|LOG_PID, LOG_USER);
    syslog(LOG_CRIT, "spython critical failure: %s", msg);
    _exit(255);
    Configure your container runtime to forward syslog!
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 51

    View Slide

  47. Auditing Hooks and Security Transparency for Python
    Simple proof-of-concept
    • Resolved file must be a regular file
    • Deny noexec filesystems (/proc, hardened /tmp)
    • Hash file content with OpenSSL
    • Use xattr (extended file attributes) to flag files and store hash
    io.open_code() on Linux
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 52
    github.com/zooba/spython/tree/master/linux_xattr
    github.com/zooba/spython/tree/master/linux_xattr

    View Slide

  48. Auditing Hooks and Security Transparency for Python
    Extended file attributes
    • Custom name/values pairs on files and directories
    • Namespaces: user, trusted, system, security
    • Access permission to “user” namespace is controlled by DAC.
    • Inspired by “Integrity Measurement Architecture” (IMA-appraisal)
    $ getfattr -d /usr/lib64/python3.8/os.py
    user.org.python.x-spython-hash="75454b1944227c1418473..."
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 53
    github.com/zooba/spython/tree/master/linux_xattr

    View Slide

  49. Auditing Hooks and Security Transparency for Python
    Example
    $ ./spython example.py
    Fatal Python error: init_import_size: Failed to import the site module
    Traceback (most recent call last):
    ...
    ValueError: File hash mismatch: /usr/lib64/python3.8/os.py (expected: '75454b...',
    got '31d6c3...')
    $ sudo python3.8 ./mkxattr.py --verbose
    Adding spython hash to '/usr/lib64/python3.8/os.py'
    Adding spython hash to '/usr/lib64/python3.8/__pycache__/os.cpython-38.pyc'
    $ ./spython example.py
    OK
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 54
    github.com/zooba/spython/tree/master/linux_xattr

    View Slide

  50. Auditing Hooks and Security Transparency for Python
    Example – mkxattr
    XATTR_NAME = b"user.org.python.x-spython-hash"
    for filename in LIST_OF_PY_FILES:
    hasher = hashlib.new("sha256")
    with open(filename, "rb") as f:
    hasher.update(f.read())
    hexdigest = hasher.hexdigest().encode("ascii")
    os.setxattr(filename, xattr_name, hexdigest)
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 56
    github.com/zooba/spython/tree/master/linux_xattr

    View Slide

  51. Auditing Hooks and Security Transparency for Python
    Securing xattr
    • Store hash in restricted xattr namespace
    • Use signed hash
    • Block syscall (container policy, seccomp)
    prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
    scmp_filter_ctx *ctx = seccomp_init(SCMP_ACT_ALLOW);
    // setxattr, fsetxattr, lsetxattr
    seccomp_rule_add(ctx, SCMP_ACT_KILL_PROCESS,
    SCMP_SYS(setxattr), 0);
    seccomp_load(ctx);
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 57
    github.com/zooba/spython/tree/master/linux_xattr

    View Slide

  52. Auditing Hooks and Security Transparency for Python
    Open issues and exploits
    • LD_PRELOAD
    • Open Container Image Format clobbers xattr in layers
    • github.com/opencontainers/image-spec/issues/503
    • Modify code with /proc/self/mem
    • void *dlopen(const char *filename, int flags)
    • github.com/nullbites/SnakeEater
    • ...
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 58

    View Slide

  53. Auditing Hooks and Security Transparency for Python
    O_MAYEXEC
    • GNU/Linux CLIP OS 4
    • Articles and talks
    − Linux Security Summit Europe 2018
    − Kernel Recipes 2018
    − lwn.net/Articles/774676
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 59

    View Slide

  54. Auditing Hooks and Security Transparency for Python
    Summary
    • When your security is already good, audit hooks can make it better
    • Hooks provide transparency, not security
    • Enables use of OS technologies that was unavailable to Python
    • Install your security updates!
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 60

    View Slide

  55. Auditing Hooks and Security Transparency for Python
    Resources
    • docs.python.org/3.8/library/sys.html#sys.audit
    • www.python.org/dev/peps/pep-0578/
    • github.com/zooba/spython
    @zooba @christianheimes EuroPython 2019, Basel - 10 July 2019 61
    Steve Dower
    @zooba
    Christan Heimes
    @christianheimes

    View Slide