PEP 493: clarify a security caveat

2016-02-25 18:21:44 +10:00 · 2016-02-25 18:21:44 +10:00 · a283db8c30
parent 9c4c3a39c7
commit a283db8c30
1 changed files with 13 additions and 4 deletions
--- a/pep-0493.txt
+++ b/pep-0493.txt
@ -246,10 +246,19 @@ Relative to the behaviour in Python 3.4.3+ and Python 2.7.9->2.7.11, this
 approach does introduce a new downgrade attack against the default security
 settings that potentially allows a sufficiently determined attacker to revert
 Python to the default behaviour used in CPython 2.7.8 and earlier releases.
-However, such an attack requires the ability to modify the execution
+
-environment of a Python process prior to the import of the ``ssl`` module,
+This slight increase in the available attack surface is the main reason why:
-and any attacker with such access would already be able to modify the
+
-behaviour of the underlying OpenSSL implementation.
+* security sensitive applications should still define their own SSL context
 * the migration features described in this PEP are not being added to Python 3
 However, it's also worth keeping in mind that carrying out such an attack
 requires the ability to modify the execution environment of a Python process
 prior to the import of the ``ssl`` module. In combination with the ability
 to write to any part of the filesystem (such as ``/tmp``), any attacker with
 such access would already be able to modify the behaviour of the underlying
 OpenSSL implementation, the dynamic library loader, and other potentially
 security sensitive components.
 Interaction with Python virtual environments
 --------------------------------------------