Python PAM模块的安全性问题? [英] Security concerns with a Python PAM module?

问题描述

我有兴趣编写一个PAM模块，该模块将使用流行的身份验证机制进行Unix登录.我过去的编程经验大部分是在Python中进行的，而我正在与之交互的系统已经具有Python API.我四处搜寻，发现 pam_python ，它允许PAM模块调用python解释器，因此允许PAM模块基本上是用 Python编写的.

I'm interested in writing a PAM module that would make use of a popular authentication mechanism for Unix logins. Most of my past programming experience has been in Python, and the system I'm interacting with already has a Python API. I googled around and found pam_python, which allows PAM modules to invoke the python intrepreter, therefore allowing PAM modules to be written essentially in Python.

但是，我读到的内容是，允许用户调用以比用户本身更高的访问级别运行的Python代码(例如SUID Python脚本)，存在安全隐患.这些问题也适用于Python PAM模块吗?

However, I've read that there are security risks when allowing a user to invoke Python code that runs with a higher access level than the user itself, such as SUID Python scripts. Are these concerns applicable to a Python PAM module as well?

推荐答案

您提到的安全性本身并不是关于以高访问级别运行的允许用户调用Python代码"，但允许用户可以在此类代码的运行过程中行使任何形式的 control －最明显的是通过注入或更改代码本身，但更巧妙的是，还可以通过控制该进程的环境(以及由此而来的路径)例如，该代码将导入模块). (例如，如果用户能够控制C编写的代码从中加载.so的路径，则类似的担忧也适用于C编写的代码-尽管OS可能会更直接地帮助解决此类问题).

The security concerns that you mention aren't, per se, about "allowing the user to invoke Python code" which runs with high access levels, but allowing the user to exercise any form of control over the running of such code -- most obviously by injecting or altering the code itself, but, more subtly, also by controlling that process's environment (and therefore the path from which that code imports modules, for example). (Similar concerns would apply with C-written code if the user was able to control the path from which the latter loads .so's for example -- though the OS may help more directly with such a concern).

在我看来，pam_python具有很好的抵抗此类风险的能力，因此可以安全地用于您的目的.但是，请注意，文档指出...:

It appears to me that pam_python is well armored against such risks, and so it should be safely usable for your purposes. However, do note that the docs point out...:

使用Python编写PAM模块会产生 巨大的性能损失和 需要安装Python，因此它 不是写作的最佳选择 将会广泛使用的模块.

Writing PAM modules from Python incurs a large performance penalty and requires Python to be installed, so it is not the best option for writing modules that will be used widely.

因此，如果您对所提供的机制很流行的看法是正确的，则可能需要使用C对模块进行编码，以避免出现这些问题.但是，在将其固定为C之前，使用Python对其进行原型设计以作为有限分布的概念证明是一种可行的策略.

So, if you're right that the mechanism you're supplying will be popular, you will probably want to code your module in C to avoid these issues. However, prototyping it in Python as a proof of concept with limited distribution, before firming it up in C, is a viable strategy.

这篇关于Python PAM模块的安全性问题?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！