Auditing hooks and security transparency for CPython
An introduction to PEPs 578 and 551 from the author and the BDFL delegate
Christian Heimes, Steve Dower
The Python Enhancement Proposal 551 describes the concept of security transparency for the CPython runtime environment. The PEP lists planned actions to detect anomalous or malicious use of Python and potentially prevent some abuse cases. The general idea is to make Python less useful for advanced persistent threats (APT). Python 3.8 will come with an implementation of PEP 578, auditing hooks and verified open call for reading code from files.
In this talk, we will explain our motivation for the PEPs, why the PEPs are important for the future of Python, scope, and limitations. We will give examples, how auditing hooks and the verified open hook can be tight into Linux's and Windows' security frameworks to detect and potentially prevent abuse.
The goal of the talk is not to present a ready-to-use security enhancement for CPython, but to declare the intent of the enhancements and start a discussion about a secure "spython" interpreter. We as a community must ensure Python's usefulness for developers, but at the same time make it no-good for malicious purposes.