The remote debugging protocol has been generating spurious
vulnerability reports from automated scanners that pattern-match
on "remote access" and "memory operations" without understanding
the privilege model. This section documents the security boundaries
so reporters can self-triage before submitting.
The threat model clarifies three points: attaching requires the
same OS-level privileges as GDB (ptrace, task_for_pid, or
SeDebugPrivilege), crashes caused by reading corrupted target
process memory are not security issues, and a compromised target
process is out of scope. A subsection explains when operators
should use PYTHON_DISABLE_REMOTE_DEBUG for defence-in-depth.
Although PEP 768 mentions how to disable the mechanism of
remote debugging, it is not documented in the Python docs.
This change adds a note on how to disable remote debugging support
in a Python interpreter to the remote debugging how-to.
Co-authored-by: Hugo van Kemenade <1324225+hugovk@users.noreply.github.com>
Add a developer-facing document describing the protocol used by
remote_exec(pid, script) to execute Python code in a running process.
This is intended to guide debugger and tool authors in reimplementing
the protocol.
Co-authored-by: Pablo Galindo <pablogsal@gmail.com>
