|
7 | 7 | msgstr "" |
8 | 8 | "Project-Id-Version: Python 3.14\n" |
9 | 9 | "Report-Msgid-Bugs-To: \n" |
10 | | -"POT-Creation-Date: 2026-01-22 16:08+0000\n" |
| 10 | +"POT-Creation-Date: 2026-04-04 00:21+0000\n" |
11 | 11 | "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" |
12 | 12 | "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" |
13 | 13 | "Language-Team: Chinese - TAIWAN (https://github.com/python/python-docs-zh-" |
@@ -47,7 +47,8 @@ msgid "" |
47 | 47 | "Set the :envvar:`PYTHON_DISABLE_REMOTE_DEBUG` environment variable to ``1`` " |
48 | 48 | "before starting the interpreter." |
49 | 49 | msgstr "" |
50 | | -"在啟動直譯器之前,將 :envvar:`PYTHON_DISABLE_REMOTE_DEBUG` 環境變數設為 ``1``。" |
| 50 | +"在啟動直譯器之前,將 :envvar:`PYTHON_DISABLE_REMOTE_DEBUG` 環境變數設為 " |
| 51 | +"``1``。" |
51 | 52 |
|
52 | 53 | #: ../../howto/remote_debugging.rst:18 |
53 | 54 | msgid "Use the :option:`-X disable_remote_debug` command-line option." |
@@ -1323,3 +1324,90 @@ msgid "" |
1323 | 1324 | "Resume the process (if suspended). The script will execute at the next safe " |
1324 | 1325 | "evaluation point." |
1325 | 1326 | msgstr "恢復行程(如果已暫停)。腳本將在下一個安全執行點執行。" |
| 1327 | + |
| 1328 | +#: ../../howto/remote_debugging.rst:631 |
| 1329 | +msgid "Security and threat model" |
| 1330 | +msgstr "" |
| 1331 | + |
| 1332 | +#: ../../howto/remote_debugging.rst:633 |
| 1333 | +msgid "" |
| 1334 | +"The remote debugging protocol relies on the same operating system primitives " |
| 1335 | +"used by native debuggers such as GDB and LLDB. Attaching to a process " |
| 1336 | +"requires the **same privileges** that those debuggers require, for example " |
| 1337 | +"``ptrace`` / Yama LSM on Linux, ``task_for_pid`` on macOS, and " |
| 1338 | +"``SeDebugPrivilege`` on Windows. Python does not introduce any new " |
| 1339 | +"privilege escalation path; if an attacker already possesses the permissions " |
| 1340 | +"needed to attach to a process, they could equally use GDB to read memory or " |
| 1341 | +"inject code." |
| 1342 | +msgstr "" |
| 1343 | + |
| 1344 | +#: ../../howto/remote_debugging.rst:642 |
| 1345 | +msgid "" |
| 1346 | +"The following principles define what is, and is not, considered a security " |
| 1347 | +"vulnerability in this feature:" |
| 1348 | +msgstr "" |
| 1349 | + |
| 1350 | +#: ../../howto/remote_debugging.rst:645 |
| 1351 | +msgid "Attaching requires OS-level privileges" |
| 1352 | +msgstr "" |
| 1353 | + |
| 1354 | +#: ../../howto/remote_debugging.rst:646 |
| 1355 | +msgid "" |
| 1356 | +"On every supported platform the operating system gates cross-process memory " |
| 1357 | +"access behind privilege checks (``CAP_SYS_PTRACE``, root, or administrator " |
| 1358 | +"rights). A report that demonstrates an issue only after these privileges " |
| 1359 | +"have already been obtained is **not** a vulnerability in CPython, since the " |
| 1360 | +"OS security boundary was already crossed." |
| 1361 | +msgstr "" |
| 1362 | + |
| 1363 | +#: ../../howto/remote_debugging.rst:652 |
| 1364 | +msgid "" |
| 1365 | +"Crashes or memory errors when reading a compromised process are not " |
| 1366 | +"vulnerabilities" |
| 1367 | +msgstr "" |
| 1368 | + |
| 1369 | +#: ../../howto/remote_debugging.rst:653 |
| 1370 | +msgid "" |
| 1371 | +"A tool that reads internal interpreter state from a target process must " |
| 1372 | +"trust that memory to be well-formed. If the target process has been " |
| 1373 | +"corrupted or is controlled by an attacker, the debugger or profiler may " |
| 1374 | +"crash, produce garbage output, or behave unpredictably. This is the same " |
| 1375 | +"risk accepted by every ``ptrace``-based debugger. Bugs in this category " |
| 1376 | +"(buffer overflows, segmentation faults, or undefined behaviour triggered by " |
| 1377 | +"reading corrupted state) are **not** treated as security issues, though " |
| 1378 | +"fixes that improve robustness are welcome." |
| 1379 | +msgstr "" |
| 1380 | + |
| 1381 | +#: ../../howto/remote_debugging.rst:662 |
| 1382 | +msgid "Vulnerabilities in the target process are not in scope" |
| 1383 | +msgstr "" |
| 1384 | + |
| 1385 | +#: ../../howto/remote_debugging.rst:663 |
| 1386 | +msgid "" |
| 1387 | +"If the Python process being debugged has already been compromised, the " |
| 1388 | +"attacker already controls execution in that process. Demonstrating further " |
| 1389 | +"impact from that starting point does not constitute a vulnerability in the " |
| 1390 | +"remote debugging protocol." |
| 1391 | +msgstr "" |
| 1392 | + |
| 1393 | +#: ../../howto/remote_debugging.rst:669 |
| 1394 | +msgid "When to use ``PYTHON_DISABLE_REMOTE_DEBUG``" |
| 1395 | +msgstr "" |
| 1396 | + |
| 1397 | +#: ../../howto/remote_debugging.rst:671 |
| 1398 | +msgid "" |
| 1399 | +"The environment variable :envvar:`PYTHON_DISABLE_REMOTE_DEBUG` (and the " |
| 1400 | +"equivalent :option:`-X disable_remote_debug` flag) allows operators to " |
| 1401 | +"disable the in-process side of the protocol as a **defence-in-depth** " |
| 1402 | +"measure. This may be useful in hardened or sandboxed deployment " |
| 1403 | +"environments where no debugging or profiling of the process is expected and " |
| 1404 | +"reducing attack surface is a priority, even though the OS-level privilege " |
| 1405 | +"checks already prevent unprivileged access." |
| 1406 | +msgstr "" |
| 1407 | + |
| 1408 | +#: ../../howto/remote_debugging.rst:679 |
| 1409 | +msgid "" |
| 1410 | +"Setting this variable does **not** affect other OS-level debugging " |
| 1411 | +"interfaces (``ptrace``, ``/proc``, ``task_for_pid``, etc.), which remain " |
| 1412 | +"available according to their own permission models." |
| 1413 | +msgstr "" |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments