From 026571ae6b2700fe5c824075f2bf36abd286e7e9 Mon Sep 17 00:00:00 2001 From: Pablo Galindo Date: Mon, 16 Dec 2024 13:23:55 +0000 Subject: [PATCH] Fix formatting and address review comments --- peps/pep-0768.rst | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/peps/pep-0768.rst b/peps/pep-0768.rst index 85a690e3999..32475ab76fc 100644 --- a/peps/pep-0768.rst +++ b/peps/pep-0768.rst @@ -301,14 +301,14 @@ To allow redistributors, system administrators, or users to disable this mechanism, several methods will be provided to control the behavior of the interpreter: -A new ``PYTHON_DISABLE_REMOTE_DEBUGGING`` environment variable will +A new ``PYTHON_DISABLE_REMOTE_DEBUG`` environment variable will be provided to control the behaviour at runtime. If set to any value (including an empty string), the interpreter will ignore any attempts to attach a debugger using this mechanism. -This environment variable will be added together with a new ``-X disable-remote-debugging`` +This environment variable will be added together with a new ``-X disable-remote-debug`` flag to the Python interpreter to allow users to disable this feature at runtime. -Additionally a new ``--without-remote-debugging`` flag will be added to the +Additionally a new ``--without-remote-debug`` flag will be added to the ``configure`` script to allow redistributors to build Python without support for remote debugging if they so desire. @@ -330,7 +330,7 @@ Security Implications ===================== This interface does not introduce new security concerns as it is only usable by -processes that can already write to arbitrary memory within your process and +processes that can already write to arbitrary memory within a given process and execute arbitrary code on the machine (in order to create the file containing the Python code to be executed). @@ -419,11 +419,10 @@ purposes provides a very risky proposition for an attacker, as they risk exposing their actions to system administrators that could not only detect the attack but also take action to prevent it. -Finally, is important to note that -if an attacker has arbitrary memory write access to a process and has compromised -the filesystem, they can already escalate to arbitrary code execution using -other existing mechanisms, so this interface does not introduce any new risks -in this scenario. +Finally, is important to note that if an attacker has arbitrary memory write +access to a process and has compromised the filesystem, they can already +escalate to arbitrary code execution using other existing mechanisms, so this +interface does not introduce any new risks in this scenario. How to Teach This