Auditing hooks and security transparency for CPython

An introduction to PEPs 578 and 551 from the author and the BDFL delegate

Christian Heimes, Steve Dower

CPython Security

The Python Enhancement Proposal 551 describes the concept of security transparency for the CPython runtime environment. The PEP lists planned actions to detect anomalous or malicious use of Python and potentially prevent some abuse cases. The general idea is to make Python less useful for advanced persistent threats (APT). Python 3.8 will come with an implementation of PEP 578, auditing hooks and verified open call for reading code from files.

In this talk, we will explain our motivation for the PEPs, why the PEPs are important for the future of Python, scope, and limitations. We will give examples, how auditing hooks and the verified open hook can be tight into Linux's and Windows' security frameworks to detect and potentially prevent abuse.

The goal of the talk is not to present a ready-to-use security enhancement for CPython, but to declare the intent of the enhancements and start a discussion about a secure "spython" interpreter. We as a community must ensure Python's usefulness for developers, but at the same time make it no-good for malicious purposes.

Type: Talk (45 mins); Python level: Advanced; Domain level: Intermediate

Christian Heimes

Red Hat

Christian is a Python core developer and security engineer from Hamburg/Germany. He maintains Python's ssl and hashlib module, and contributes to improve security of CPython. In his day job he works at Red Hat's security engineering and identity management department on FreeIPA and Dogtag PKI.

Steve Dower

Microsoft

Steve is an engineer who tells people about Python and then gives them excuses to use it and great tools to use it with. He is a core contributor and Windows expert for CPython, and works at Microsoft on making sure Python developers are well supported across Windows, Azure, and other Microsoft platforms.