
2017 Python Language Summit: Lightning Talks - bakery2k
https://lwn.net/Articles/723823/
======
tyingq
The bit about python being somewhat of a security concern because already
compromised systems have it preinstalled (and the hacker might use it) is an
odd point.

Even if Python isn't there, Perl or PHP, or something else similarly flexible
probably is. Or just curl and bash.

Edit: Regarding this: _"So, what should be done about this? The Python core
development community needs to acknowledge the problem; it is the reason that
many corporate networks ban Python, for example"_

I've never heard of this...is this actually common? If I've already
compromised your system, I can install whatever I want...one way or the other.
Even if that's pasting binaries via base64.

~~~
DonbunEf7
What's going on here is that Python is a powerful program, called a "deputy"
in security parlance, which has some power that it can choose to delegate
based on some policy. These sorts of attacks are called "confused deputy"
attacks because they rely on tricking the deputy into misbehaving.

Admittedly, in the given examples, the attacks are not especially interesting,
but that is because it is totally unsurprising that a Python interpreter might
have this kind of power.

There are distros like NixOS where there is _not_ a system Python
preinstalled; this is because NixOS follows the Principle of Least Authority
(POLA) and does not put powerful tools into standard paths automatically.

~~~
gizmo686
Python is not (typically) a "powerful" program in the sense of a confused
deputy; it runs with exactly the same powers as the user who runs it. If you
want security, you need well defined security boundaries, not removing
arbitrary programs that "seem" powerful.

~~~
benchaney
Although this obviously isn't what GP meant, I had fun imagining what sort of
ridiculous abuses of a system would result in python actually being a confused
deputy. Making a python interpreter that is also a setuid binary for example.

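The setuid-interpreter case benchaney describes is the one situation where an interpreter stops running "with exactly the same powers as the user" and becomes a genuine deputy. The following audit script is an added example, not code from the thread or from any project mentioned in it; it walks a tree for setuid/setgid regular files whose basename looks like a script interpreter, and exercises itself on a constructed fixture (a fake setuid `python3` beside a normal one and a setuid non-interpreter). The interpreter name pattern and the fixture layout are assumptions for illustration, not something the page states.

```shell
#!/bin/sh
# Added example (not from the thread): audit a directory tree for setuid/setgid
# binaries whose name matches a script interpreter. A setuid interpreter is the
# "confused deputy" case discussed above: it would run arbitrary user-supplied
# code with the file owner's privileges instead of the caller's.
#
# Assumptions (not from the page): the interpreter name pattern and the search
# root are illustrative; adjust both for the system under audit.

INTERPRETER_PATTERN='python[0-9.]*|perl[0-9.]*|php[0-9.]*|ruby[0-9.]*|node|bash|sh|dash|lua[0-9.]*'

# Print each setuid or setgid regular file under $1 whose basename matches
# an interpreter name. -perm -4000 is the setuid bit, -perm -2000 is setgid.
find_setuid_interpreters() {
    root="$1"
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r path; do
        base=$(basename "$path")
        if printf '%s\n' "$base" | grep -Eqx "$INTERPRETER_PATTERN"; then
            printf '%s\n' "$path"
        fi
    done
}

# Number of findings, so the result can be checked programmatically.
count_setuid_interpreters() {
    find_setuid_interpreters "$1" | wc -l | tr -d ' '
}

# Constructed fixture: a fake "python3" with the setuid bit set, an ordinary
# "python3" without it, and a setuid file that is not an interpreter at all.
# Setting the setuid bit on a file you own needs no special privilege.
make_fixture() {
    dir=$(mktemp -d)
    mkdir -p "$dir/bad/bin" "$dir/ok/bin" "$dir/other/bin"
    printf '#!/bin/sh\necho fake interpreter\n' > "$dir/bad/bin/python3"
    printf '#!/bin/sh\necho fake interpreter\n' > "$dir/ok/bin/python3"
    printf '#!/bin/sh\necho not an interpreter\n' > "$dir/other/bin/passwd"
    chmod 4755 "$dir/bad/bin/python3"   # setuid: the confused-deputy case
    chmod 0755 "$dir/ok/bin/python3"    # normal: runs as the caller
    chmod 4755 "$dir/other/bin/passwd"  # setuid, but not an interpreter
    printf '%s\n' "$dir"
}

# Stand-alone demo: build the fixture, report, clean up.
if [ "${1:-}" = "--demo" ]; then
    fixture=$(make_fixture)
    find_setuid_interpreters "$fixture"   # reports only .../bad/bin/python3
    rm -rf "$fixture"
fi
```

Run it as `sh audit.sh --demo` to see the fixture result, or call `find_setuid_interpreters /` as root on a real host. Only the setuid `python3` is reported: the plain copy runs as whoever invokes it, which is gizmo686's point, and the setuid `passwd` look-alike is filtered out because the check is specifically for interpreters that will execute caller-supplied code.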
------
Twirrim
Re: Jython: it's just missing too much to be useful. Porting code to it is
often a non-trivial exercise. multiprocessing is still missing, which it turns
out a number of libraries actually rely on to various degrees.
[http://bugs.jython.org/issue2287](http://bugs.jython.org/issue2287)

I want to like it & use it; after all, JRuby is an excellent example of what
can be done. It's just that every time I've tried, I've found myself deep in
the guts of various libraries trying to make it work.

