Python-Bytecode-Verifier 0.1

Verifies that compiled Python bytecode is safe to execute

Python Bytecode Verifier’s purpose is similar to that of Java or .NET bytecode verifiers; to ensure that an externally compiled bytecode is safe to be executed in the runtime environment. Using a verifier in the Python interpreter could securely allow loading compiled bytecode to be loaded into isolated Python environments. Closed source code written in Python as well as external compilers for other languages targeting the Python runtime could safely be used in bytecode form.

This Python Bytecode Verifier is implemented in Python and is written with C portability in mind because the long-term goal is to convince the Python community to accept a bytecode verifier into the CPython interpreter that would increase security of internally compiled Python code and would securely enable the use of externally constructed Python bytecode.

Using a verifier would actually improve security in the CPython interpreter because new code objects are allowed to be created and existing .pyc files are allowed to be loaded; both of them are capable of crashing the CPython interpreter and possibly executing arbitrary native code as it contains no bytecode verifier.

This initial release has support for Python versions 2.5, 2.6, 3.0 and 3.1 and is able to successfully verify itself and all the Python source files in the respective Python source code release.

The verifier currently lacks conformance tests for invalid bytecode and thus is not suitable for production use.