Issue11829
Created on 2011-04-11 22:46 by Trundle, last changed 2022-04-11 14:57 by admin. This issue is now closed.
| Messages (4) |
|
|
| msg133549 - (view) |
Author: Andreas Stührk (Trundle) * |
Date: 2011-04-11 22:46 |
| The commit for issue #11133 omitted a part of the patch that checked whether the __dict__ attribute of metaclasses are shadowed. That makes it possible to trigger code execution in the case of metaclasses that have metaclasses. Attached is a patch with a test and a fix. |
|
|
| msg149810 - (view) |
Author: Michael Foord (michael.foord) *  |
Date: 2011-12-19 01:28 |
| Andreas, is this still needed and valid? |
|
|
| msg150046 - (view) |
Author: Andreas Stührk (Trundle) * |
Date: 2011-12-21 21:44 |
| As the test demonstrates, it's still possible to trigger a dynamic lookup without the patch, hence I think this is still needed and valid, yes. I updated the patch to make it reflect the latest committed changes. |
|
|
| msg150060 - (view) |
Author: Roundup Robot (python-dev)  |
Date: 2011-12-22 01:13 |
| New changeset 8f33758df19a by Michael Foord in branch '3.2': Metaclasses with metaclasses with a __dict__ descriptor can no longer trigger code execution with inspect.getattr_static. http://hg.python.org/cpython/rev/8f33758df19a |
|
|
| History |
|
|
|
| Date |
User |
Action |
Args |
| 2022-04-11 14:57:16 |
admin |
set |
github: 56038 |
| 2011-12-22 01:13:43 |
python-dev |
set |
status: open -> closednosy: + python-devmessages: + resolution: fixedstage: patch review -> resolved |
| 2011-12-21 21:44:08 |
Trundle |
set |
files: + getattr_static_metaclasses_v2.patchmessages: + |
| 2011-12-19 01:28:19 |
michael.foord |
set |
assignee: michael.foordmessages: + |
| 2011-07-15 18:54:52 |
pitrou |
set |
nosy: + ncoghlanstage: patch review |
| 2011-04-11 22:46:41 |
Trundle |
create |
|