Python security: MAC or SELinux for the interpreter

Like, we can use a version of SELinux and incorporate it into Python.

We can have a MAC control in Python's interpreter that can manually or automatically trigger something like limiting file access for files in the home dir or providing protection for memory, or even work with mandatory access control for network sockets.

What does everyone think?

This can be done today with various tools wrapped around Python like AppArmor and systemd services.

Why is that not sufficient?
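
For readers following the thread, a sketch of what the systemd route can look like for the three things asked about above (home directory access, memory protection, network sockets). This is an added example, not something posted by a participant; the unit name and the script path `/opt/example/app.py` are hypothetical.

```ini
# /etc/systemd/system/example-python.service
# Constructed example: unit name and script path are hypothetical.
[Unit]
Description=Python script under systemd sandboxing (constructed example)

[Service]
ExecStart=/usr/bin/python3 /opt/example/app.py
# Run as a throwaway unprivileged user and block privilege gain via setuid binaries.
DynamicUser=yes
NoNewPrivileges=yes

# File access: /home, /root and /run/user appear empty and inaccessible.
ProtectHome=yes
# The rest of the file system is read-only for this service...
ProtectSystem=strict
PrivateTmp=yes
# ...except its own state directory under /var/lib.
StateDirectory=example-python

# Memory: refuse mappings that are writable and executable at the same time.
# This can break extension modules that generate code at run time.
MemoryDenyWriteExecute=yes

# Network sockets: only AF_UNIX may be created, so no IPv4/IPv6 sockets.
RestrictAddressFamilies=AF_UNIX

[Install]
WantedBy=multi-user.target
```

`systemd-analyze security example-python.service` reports which sandboxing directives a unit sets and which it leaves open.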

Well, for one, it's handy in many environments to have everything set up from the get-go, since some distros don't use systemd and AppArmor could be buggy. But I agree, maybe AppArmor and systemd code can be incorporated into future releases in a Python security stack, or code in Python 3+ could have a strapped-down MAC that limits fs access or something.

If we focus a little more on security now we can have a more

Reason I'm posting here today is I read there's a ton of trojan Python files in the Python package manager; read it on Slashdot.

Yeah, it’s easy to point at something like that for cheap internet points, so there’ll always be posts about how awful something is. Take them with a grain of salt.