mirror of https://github.com/python/cpython
gh-87604: Clarify in docs that sys.addaudithook is not for sandboxes (GH-99372)
This commit is contained in:
parent
3dd6ee2c00
commit
c3c3871415
|
@ -35,6 +35,15 @@ always available.
|
||||||
can then log the event, raise an exception to abort the operation,
|
can then log the event, raise an exception to abort the operation,
|
||||||
or terminate the process entirely.
|
or terminate the process entirely.
|
||||||
|
|
||||||
|
Note that audit hooks are primarily for collecting information about internal
|
||||||
|
or otherwise unobservable actions, whether by Python or libraries written in
|
||||||
|
Python. They are not suitable for implementing a "sandbox". In particular,
|
||||||
|
malicious code can trivially disable or bypass hooks added using this
|
||||||
|
function. At a minimum, any security-sensitive hooks must be added using the
|
||||||
|
C API :c:func:`PySys_AddAuditHook` before initialising the runtime, and any
|
||||||
|
modules allowing arbitrary memory modification (such as :mod:`ctypes`) should
|
||||||
|
be completely removed or closely monitored.
|
||||||
|
|
||||||
.. audit-event:: sys.addaudithook "" sys.addaudithook
|
.. audit-event:: sys.addaudithook "" sys.addaudithook
|
||||||
|
|
||||||
Calling :func:`sys.addaudithook` will itself raise an auditing event
|
Calling :func:`sys.addaudithook` will itself raise an auditing event
|
||||||
|
|
Loading…
Reference in New Issue