
List:       python-ideas
Subject:    [Python-ideas] Restricting access to sensitive APIs with a permission model like Deno
From:       python--- via Python-ideas <python-ideas () python ! org>
Date:       2023-02-26 1:21:51
Message-ID: 167737451108.30380.1611953989541359954 () mail ! python ! org

Hello all,

Supply chain attacks are becoming a pressing concern in software development due to the large number of dependencies and multiple attack vectors. Using third-party modules (libraries, packages, etc.) is always a risk, but the true potential of these attacks is now being weaponized. One way to deal with the risk is by limiting access to sensitive APIs like filesystem, shell, network and ffi so that packages which aren't explicitly granted permissions cannot use them, reducing their ability to do damage.

For example, a yaml parser should not need to use ffi, network nor shell. A command line argument parser library should not use network, ffi nor filesystem. Deno, a runtime for TypeScript, contains an interesting implementation of a permissions model for APIs.

I strongly think Python could benefit from such functionality and hacked together a quick experiment here: https://github.com/R9295/cpython
Currently, it only prevents module imports in a very elementary manner but perhaps it can be of use to spark a discussion for an implementation.

Looking forward to your thoughts,
Aarnav
_______________________________________________
Python-ideas mailing list -- python-ideas@python.org
To unsubscribe send an email to python-ideas-leave@python.org
https://mail.python.org/mailman3/lists/python-ideas.python.org/
Message archived at https://mail.python.org/archives/list/python-ideas@python.org/message/MZNP5ZJBLMUO74PMZGWJGM6TAZXBK5AS/
 Code of Conduct: http://python.org/psf/codeofconduct/

