Skip to content

Commit ad5159b

Browse files
miss-islingtonzooba
miss-islington
and
zooba
authored
gh-87604: Clarify in docs that sys.addaudithook is not for sandboxes (GH-99372)
(cherry picked from commit c3c3871) Co-authored-by: Steve Dower <steve.dower@python.org>
1 parent 5612471 commit ad5159b

File tree

1 file changed

+9
-0
lines changed

1 file changed

+9
-0
lines changed

Doc/library/sys.rst

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,15 @@ always available.
3535
can then log the event, raise an exception to abort the operation,
3636
or terminate the process entirely.
3737

38+
Note that audit hooks are primarily for collecting information about internal
39+
or otherwise unobservable actions, whether by Python or libraries written in
40+
Python. They are not suitable for implementing a "sandbox". In particular,
41+
malicious code can trivially disable or bypass hooks added using this
42+
function. At a minimum, any security-sensitive hooks must be added using the
43+
C API :c:func:`PySys_AddAuditHook` before initialising the runtime, and any
44+
modules allowing arbitrary memory modification (such as :mod:`ctypes`) should
45+
be completely removed or closely monitored.
46+
3847
.. audit-event:: sys.addaudithook "" sys.addaudithook
3948

4049
Calling :func:`sys.addaudithook` will itself raise an auditing event

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy