Hi jython devs,
I'm performing a security assessment for a customer that uses
jythonc.py to compile python code that comes from an untrusted source.
They are currently using jython 2.0.
As a security consultant this seemed like a recipe for disaster.
However, since they only compile the code and don't attempt execution
it seems safe...
My biggest concern is that the java compilation occurs within the JVM
of jythonc and not within its own javac process. Is there any
potential for polluting the jythonc runtime environment through the
compiled code? Perhaps replace a built-in java class so when jythonc
makes a call to that built-in the malicious code would execute.
It's not possible for me to fully review jythonc in the time I'm given.
If there are obvious reasons why this shouldn't be done I'd be very
grateful to learn why. The customer likely won't be willing to
re-architect their product based on a "hunch" I have. So any
supporting evidence of why and how this might become insecure would be