Python Forum
Hide source code from python process itself
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Hide source code from python process itself
#1
If someone manages to hack my web application and/or the python interpreter itself, is it possible to prevent the python process from extracting its own source code?

On the OS level, I could change the file permissions after the python interpreter had read the source, so that the process couldn't read them again if it later became compromised. Or maybe to achieve the same effect I could never give the process permission to access the source and use a separate non-python process to do a one-time stream of the code on loading.

However, with modules like "inspect" I'm not sure this would be worthwhile. Would deleting the files on my system for the "inspect" module be effective? Or could the process just read its own memory to find out what the source is?

Thank you
Reply
#2
I think deleting the files after the modules have been imported would be effective to prevent inspect from working, but the process stores its code objects in memory, in a binary form that can be decompiled. It means that although the code itself cannot be retrieved, a smart attacker may be able to reconstruct the code's logic. Look for python decompilers on the web to understand this issue.
Reply
#3
wow I just tried a pyc decompiler on a simple script and it worked very very well. Almost got original source code back. Variable names and everything. And that same information is held in the python process so if they dump the memory, with a little work, they could do the same thing?

Anything that can be done about this? Maybe like a filter on nginx to only let out a response if it matches a predefined format (no code, no binary, only certain chars)?
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  scraping from a website that hides source code PIWI_Protein 1 1,938 Mar-27-2020, 05:08 PM
Last Post: Larz60+
  How to hide a FlaskForm IntegerField while retaining its value. danfoster 0 3,756 Mar-03-2020, 10:56 PM
Last Post: danfoster
  Python requests.get() returns broken source code instead of expected source code? FatalPythonError 3 3,677 Sep-21-2018, 02:46 PM
Last Post: nilamo
  web crawler that retrieves data not stored in source code edithegodfather 14 11,182 Jan-14-2017, 01:01 AM
Last Post: edithegodfather

Forum Jump:

User Panel Messages

Announcements
Announcement #1 8/1/2020
Announcement #2 8/2/2020
Announcement #3 8/6/2020